Edit tour

Windows Analysis Report
SecuriteInfo.com.Program.Unwanted.2818.3154.4230.exe

Overview

General Information

Sample name:	SecuriteInfo.com.Program.Unwanted.2818.3154.4230.exe
Analysis ID:	1471674
MD5:	a6d83330743edcff48a85dfa1013fdab
SHA1:	0aa8362a86274edcba3c111e8d729b1e0198a92b
SHA256:	03c769a2c069d127c2d9a5103853218a8f108074f0012776ff871dadf346c39e
Tags:	exe
Infos:

Detection

Petite Virus

Score:	44
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for submitted file

Snort IDS alert for network traffic

Yara detected Petite Virus

.NET source code contains potential unpacker

Installs Task Scheduler Managed Wrapper

PE file has nameless sections

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Allocates memory with a write watch (potentially for evading sandboxes)

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to dynamically determine API calls

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to query CPU information (cpuid)

Contains functionality to query locales information (e.g. system language)

Contains functionality to read the PEB

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Detected non-DNS traffic on DNS port

Detected potential crypto function

Drops PE files

Enables debug privileges

Entry point lies outside standard sections

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

Found potential string decryption / allocating functions

HTML page contains hidden javascript code

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE file contains executable resources (Code or Archives)

PE file contains sections with non-standard names

Queries keyboard layouts

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Stores files to the Windows start menu directory

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Uses insecure TLS / SSL version for HTTPS connection

Classification

Process Tree

System is w10x64

SecuriteInfo.com.Program.Unwanted.2818.3154.4230.exe (PID: 6984 cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.exe" MD5: A6D83330743EDCFF48A85DFA1013FDAB)

SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp (PID: 7044 cmdline: "C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp" /SL5="$20422,8156847,189952,C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.exe" MD5: B3937B0F947BBEB9F93859803C6FD14E)

BA002.exe (PID: 1900 cmdline: "C:\Users\user\AppData\Local\Temp\is-6NC9Q.tmp\BA002.exe" MD5: 9AA0F5A7FBC6F7A2E6FEAF78F8E6B7D7)

installer.exe (PID: 1228 cmdline: .\installer.exe MD5: 4D66DE397B5BF1F085AA7046A578A34C)

GenericSetup.exe (PID: 6368 cmdline: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe MD5: 1F4C6E7D827B980005B2C9C057018BD0)

BurnAware.exe (PID: 1244 cmdline: "C:\Program Files (x86)\BurnAware Free\BurnAware.exe" MD5: 08E8163EBA464CB7AE6F2B3A0BE3B291)

chrome.exe (PID: 6148 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://www.burnaware.com/ MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 2108 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 --field-trial-handle=1984,i,11324425676366746094,4243451825565655753,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 1780 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://www.burnaware.com/after-install.html MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 2252 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=1964,i,5267843284858548281,2508834487575541351,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

Dropped Files

Source	Rule	Description	Author
C:\Program Files (x86)\BurnAware Free\is-TTUUJ.tmp	JoeSecurity_PetiteVirus	Yara detected Petite Virus	Joe Security
C:\Program Files (x86)\BurnAware Free\is-VP913.tmp	JoeSecurity_PetiteVirus	Yara detected Petite Virus	Joe Security
C:\Program Files (x86)\BurnAware Free\is-GHIDU.tmp	JoeSecurity_PetiteVirus	Yara detected Petite Virus	Joe Security
C:\Program Files (x86)\BurnAware Free\is-OI7KV.tmp	JoeSecurity_PetiteVirus	Yara detected Petite Virus	Joe Security
C:\Program Files (x86)\BurnAware Free\is-RN2GJ.tmp	JoeSecurity_PetiteVirus	Yara detected Petite Virus	Joe Security
C:\Program Files (x86)\BurnAware Free\is-RELFJ.tmp	JoeSecurity_DelphiSystemParamCount	Detected Delphi use of System.ParamCount()	Joe Security
Click to see the 1 entries

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

ET MALWARE Lavasoft PUA/Adware Client Install - Source IP: 192.168.2.4 - Destination IP: 104.16.148.130

Timestamp:	07/11/24-19:39:38.782654
SID:	2025537
Source Port:	49740
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Suspicious Domain (flow .lavasoft .com) in TLS SNI - Source IP: 192.168.2.4 - Destination IP: 104.16.148.130

Timestamp:	07/11/24-19:39:44.565238
SID:	2849740
Source Port:	49751
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Suspicious Domain (sos .adaware .com) in TLS SNI - Source IP: 192.168.2.4 - Destination IP: 104.16.212.94

Timestamp:	07/11/24-19:39:40.960268
SID:	2849741
Source Port:	49745
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Suspicious Domain (flow .lavasoft .com) in TLS SNI - Source IP: 192.168.2.4 - Destination IP: 104.16.148.130

Timestamp:	07/11/24-19:39:42.215264
SID:	2849740
Source Port:	49747
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Suspicious Domain (flow .lavasoft .com) in TLS SNI - Source IP: 192.168.2.4 - Destination IP: 104.16.148.130

Timestamp:	07/11/24-19:39:43.806977
SID:	2849740
Source Port:	49749
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Suspicious Domain (flow .lavasoft .com) in TLS SNI - Source IP: 192.168.2.4 - Destination IP: 104.16.148.130

Timestamp:	07/11/24-19:39:42.987417
SID:	2849740
Source Port:	49748
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Suspicious Domain (flow .lavasoft .com) in TLS SNI - Source IP: 192.168.2.4 - Destination IP: 104.16.148.130

Timestamp:	07/11/24-19:39:39.840011
SID:	2849740
Source Port:	49742
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: SecuriteInfo.com.Program.Unwanted.2818.3154.4230.exe

ReversingLabs: Detection: 13%

Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\installer.exe	Code function: 7_2_00D77E70 CryptAcquireContextW,___std_exception_copy,CryptCreateHash,___std_exception_copy,CryptHashData,___std_exception_copy,CryptGetHashParam,	7_2_00D77E70
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\installer.exe	Code function: 7_2_00DE01E0 CryptAcquireContextA,CryptCreateHash,	7_2_00DE01E0
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\installer.exe	Code function: 7_2_00DE0240 CryptGetHashParam,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,	7_2_00DE0240
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\installer.exe	Code function: 7_2_00DE0220 CryptHashData,	7_2_00DE0220
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\installer.exe	Code function: 7_2_00D7F870 CryptReleaseContext,CryptDestroyHash,	7_2_00D7F870

Source: https://www.burnaware.com/after-install.html

HTTP Parser: Base64 decoded: [null,null,null,3]

Source: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7659414764356284&output=html&h=280&slotname=1141602494&adk=1033356805&adf=3132389021&pi=t.ma~as.1141602494&w=930&abgtt=3&fwrn=4&fwrnh=100&lmt=1720442382&rafmt=1&format=930x280&url=https%3A%2F%2Fwww.burnaware.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE3LjAuNTkzOC4xMzIiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjExNy4wLjU5MzguMTMyIl0sWyJOb3Q7QT1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTE3LjAuNTkzOC4xMzIiXV0sMF0.&dt=1720719598740&bpp=5&bdt=514&idt=1554&shv=r20240709&mjsv=m202407080101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&correlator=8080801241025&frm=20&pv=2&ga_vid=2144220585.1720719599&ga_sid=1720719600&ga_hid=1775643552&ga_fc=1&u_tz=-240&u_his=1&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&dmc=8&adx=44&ady=997&biw=1017&bih=870&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C95334511%2C95334525%2C95334578%2C95334828%2C95337195%2C31078663%2C31078665%2C31078668%2C3107867...	HTTP Parser: No favicon
Source: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7659414764356284&output=html&h=280&slotname=1141602494&adk=1033356805&adf=3132389021&pi=t.ma~as.1141602494&w=930&abgtt=3&fwrn=4&fwrnh=100&lmt=1720442382&rafmt=1&format=930x280&url=https%3A%2F%2Fwww.burnaware.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE3LjAuNTkzOC4xMzIiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjExNy4wLjU5MzguMTMyIl0sWyJOb3Q7QT1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTE3LjAuNTkzOC4xMzIiXV0sMF0.&dt=1720719598740&bpp=5&bdt=514&idt=1554&shv=r20240709&mjsv=m202407080101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&correlator=8080801241025&frm=20&pv=2&ga_vid=2144220585.1720719599&ga_sid=1720719600&ga_hid=1775643552&ga_fc=1&u_tz=-240&u_his=1&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&dmc=8&adx=44&ady=997&biw=1017&bih=870&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C95334511%2C95334525%2C95334578%2C95334828%2C95337195%2C31078663%2C31078665%2C31078668%2C3107867...	HTTP Parser: No favicon
Source: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7659414764356284&output=html&h=280&slotname=4885406380&adk=3369854836&adf=3132389021&pi=t.ma~as.4885406380&w=930&abgtt=3&fwrn=4&fwrnh=100&lmt=1720153543&rafmt=1&format=930x280&url=https%3A%2F%2Fwww.burnaware.com%2Fafter-install.html&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE3LjAuNTkzOC4xMzIiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjExNy4wLjU5MzguMTMyIl0sWyJOb3Q7QT1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTE3LjAuNTkzOC4xMzIiXV0sMF0.&dt=1720719598792&bpp=4&bdt=2944&idt=1496&shv=r20240709&mjsv=m202407080101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&correlator=139266055133&frm=20&pv=2&ga_vid=2144220585.1720719599&ga_sid=1720719600&ga_hid=904098654&ga_fc=1&u_tz=-240&u_his=1&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&dmc=8&adx=44&ady=758&biw=1017&bih=870&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31085139%2C44795922%2C95334508%2C95334526%2C95334828%2C31078663%2C31078665%2C3...	HTTP Parser: No favicon
Source: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html	HTTP Parser: No favicon
Source: https://www.google.com/recaptcha/api2/aframe	HTTP Parser: No favicon
Source: https://www.google.com/recaptcha/api2/aframe	HTTP Parser: No favicon

Source: SecuriteInfo.com.Program.Unwanted.2818.3154.4230.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI

Source: unknown	HTTPS traffic detected: 104.16.148.130:443 -> 192.168.2.4:49742 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 104.16.212.94:443 -> 192.168.2.4:49745 version: TLS 1.0

Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\installer.exe	File created: C:\Users\user\AppData\Local\Temp\7zSC67062FB\2024.07.11_13.39.36.896275_installer_pid=1228.txt			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\GenericSetup.exe.log			Jump to behavior

Source: SecuriteInfo.com.Program.Unwanted.2818.3154.4230.exe

Static PE information: certificate valid

Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.4:49734 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49750 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49752 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 173.222.162.32:443 -> 192.168.2.4:49753 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 46.21.150.242:443 -> 192.168.2.4:49755 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.4:49809 version: TLS 1.2

Source: SecuriteInfo.com.Program.Unwanted.2818.3154.4230.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source:	Binary string: E:\Installer\Source\InstallerStealth\DevLib\obj\Release\DevLib.pdb source: BA002.exe, 00000005.00000003.2047549521.000000000232A000.00000004.00000020.00020000.00000000.sdmp, GenericSetup.exe, 00000008.00000002.2131497606.000000001AF32000.00000002.00000001.01000000.00000011.sdmp
Source:	Binary string: C:\Users\dahall\Documents\Visual Studio 2010\Projects\TaskService\obj\Release\Microsoft.Win32.TaskScheduler.pdb source: BA002.exe, 00000005.00000003.2047549521.000000000232A000.00000004.00000020.00020000.00000000.sdmp, BA002.exe, 00000005.00000003.2048015245.0000000000510000.00000004.00001000.00020000.00000000.sdmp, Microsoft.Win32.TaskScheduler.dll.5.dr
Source:	Binary string: E:\Installer\Source\InstallerStealth\WizardPages\obj\Release\WizardPages.pdb source: BA002.exe, 00000005.00000003.2047549521.000000000232A000.00000004.00000020.00020000.00000000.sdmp, BA002.exe, 00000005.00000003.2048015245.0000000000510000.00000004.00001000.00020000.00000000.sdmp, GenericSetup.exe, 00000008.00000002.2133721314.000000001D1E2000.00000002.00000001.01000000.00000012.sdmp
Source:	Binary string: E:\Installer\Build\installer.pdb source: BA002.exe, 00000005.00000003.2047549521.000000000232A000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmp, installer.exe, 00000007.00000000.2048496235.0000000000EA0000.00000002.00000001.01000000.00000009.sdmp, installer.exe.5.dr
Source:	Binary string: E:\Installer\Source\InstallerStealth\OfferInstaller\obj\Release\OfferInstaller.pdb source: BA002.exe, 00000005.00000003.2047549521.000000000232A000.00000004.00000020.00020000.00000000.sdmp

Source: C:\Users\user\AppData\Local\Temp\is-6NC9Q.tmp\BA002.exe

Code function: 5_2_00405434 FindFirstFileA,FindFirstFileW,

5_2_00405434

Networking

Snort IDS alert for network traffic

Source: Traffic	Snort IDS: 2025537 ET MALWARE Lavasoft PUA/Adware Client Install 192.168.2.4:49740 -> 104.16.148.130:80
Source: Traffic	Snort IDS: 2849740 ETPRO MALWARE Suspicious Domain (flow .lavasoft .com) in TLS SNI 192.168.2.4:49742 -> 104.16.148.130:443
Source: Traffic	Snort IDS: 2849741 ETPRO MALWARE Suspicious Domain (sos .adaware .com) in TLS SNI 192.168.2.4:49745 -> 104.16.212.94:443
Source: Traffic	Snort IDS: 2849740 ETPRO MALWARE Suspicious Domain (flow .lavasoft .com) in TLS SNI 192.168.2.4:49747 -> 104.16.148.130:443
Source: Traffic	Snort IDS: 2849740 ETPRO MALWARE Suspicious Domain (flow .lavasoft .com) in TLS SNI 192.168.2.4:49748 -> 104.16.148.130:443
Source: Traffic	Snort IDS: 2849740 ETPRO MALWARE Suspicious Domain (flow .lavasoft .com) in TLS SNI 192.168.2.4:49749 -> 104.16.148.130:443
Source: Traffic	Snort IDS: 2849740 ETPRO MALWARE Suspicious Domain (flow .lavasoft .com) in TLS SNI 192.168.2.4:49751 -> 104.16.148.130:443

Source: global traffic

TCP traffic: 192.168.2.4:50045 -> 1.1.1.1:53

Source: global traffic	HTTP traffic detected: POST /v1/event-stat/?ProductID=IS&Type=BundleInstallStart HTTP/1.1Content-Type: application/json;charset=utf-8Host: flow.lavasoft.comContent-Length: 848Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /v1/bundle/list/?bundleId=BA002 HTTP/1.1Content-Type: application/json;charset=utf-8Host: sos.adaware.comContent-Length: 185Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /v1/event-stat/?ProductID=IS&Type=BundleProposedOffersIsEmpty HTTP/1.1Content-Type: application/json;charset=utf-8Host: flow.lavasoft.comContent-Length: 233
Source: global traffic	HTTP traffic detected: POST /v1/event-stat/?ProductID=IS&Type=PageShown HTTP/1.1Content-Type: application/json;charset=utf-8Host: flow.lavasoft.comContent-Length: 191
Source: global traffic	HTTP traffic detected: POST /v1/event-stat/?ProductID=IS&Type=BundleInstallComplete HTTP/1.1Content-Type: application/json;charset=utf-8Host: flow.lavasoft.comContent-Length: 1171
Source: global traffic	HTTP traffic detected: POST /v1/event-stat/?ProductID=IS&Type=ProfileDebug HTTP/1.1Content-Type: application/json;charset=utf-8Host: flow.lavasoft.comContent-Length: 2863
Source: global traffic	HTTP traffic detected: POST /v1/event-stat?ProductID=IS&Type=StubStart HTTP/1.1Host: flow.lavasoft.comAccept: application/jsonContent-Type: application/jsoncharsets: utf-8Content-Length: 274Data Raw: 7b 22 44 61 74 61 22 3a 7b 22 42 75 6e 64 6c 65 49 64 22 3a 22 42 41 30 30 32 22 2c 22 4d 61 63 68 69 6e 65 49 64 22 3a 22 33 61 61 32 33 36 63 33 2d 30 64 31 63 2d 66 31 37 37 2d 34 39 32 30 2d 31 63 32 62 65 32 35 38 31 66 30 62 22 2c 22 49 6e 73 74 61 6c 6c 49 64 22 3a 22 34 62 62 34 31 65 38 64 2d 37 64 30 63 2d 34 32 63 31 2d 61 30 39 64 2d 37 34 62 32 34 38 39 37 65 64 61 38 22 2c 22 4f 73 56 65 72 73 69 6f 6e 22 3a 22 4d 69 63 72 6f 73 6f 66 74 20 57 69 6e 64 6f 77 73 20 31 30 20 20 28 62 75 69 6c 64 20 31 39 30 34 35 29 2c 20 36 34 2d 62 69 74 22 2c 22 44 6f 74 4e 65 74 46 72 61 6d 65 77 6f 72 6b 22 3a 22 33 2e 35 2c 20 34 2e 30 20 43 6c 69 65 6e 74 2c 20 34 2e 30 20 46 75 6c 6c 2c 20 34 2e 35 2c 20 34 2e 35 2e 31 2c 20 34 2e 35 2e 32 2c 20 34 2e 36 2c 20 34 2e 36 2e 31 2c 20 34 2e 36 2e 32 22 7d 7d 0a Data Ascii: {"Data":{"BundleId":"BA002","MachineId":"3aa236c3-0d1c-f177-4920-1c2be2581f0b","InstallId":"4bb41e8d-7d0c-42c1-a09d-74b24897eda8","OsVersion":"Microsoft Windows 10 (build 19045), 64-bit","DotNetFramework":"3.5, 4.0 Client, 4.0 Full, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2"}}
Source: global traffic	HTTP traffic detected: POST /v1/event-stat?ProductID=IS&Type=StubBundleStart HTTP/1.1Host: flow.lavasoft.comAccept: application/jsonContent-Type: application/jsoncharsets: utf-8Content-Length: 151Data Raw: 7b 22 44 61 74 61 22 3a 7b 22 42 75 6e 64 6c 65 49 64 22 3a 22 42 41 30 30 32 22 2c 22 4d 61 63 68 69 6e 65 49 64 22 3a 22 33 61 61 32 33 36 63 33 2d 30 64 31 63 2d 66 31 37 37 2d 34 39 32 30 2d 31 63 32 62 65 32 35 38 31 66 30 62 22 2c 22 49 6e 73 74 61 6c 6c 49 64 22 3a 22 34 62 62 34 31 65 38 64 2d 37 64 30 63 2d 34 32 63 31 2d 61 30 39 64 2d 37 34 62 32 34 38 39 37 65 64 61 38 22 2c 22 49 6e 50 72 6f 63 65 73 73 22 3a 22 74 72 75 65 22 7d 7d 0a Data Ascii: {"Data":{"BundleId":"BA002","MachineId":"3aa236c3-0d1c-f177-4920-1c2be2581f0b","InstallId":"4bb41e8d-7d0c-42c1-a09d-74b24897eda8","InProcess":"true"}}

Source: Joe Sandbox View	IP Address: 239.255.255.250 239.255.255.250
Source: Joe Sandbox View	IP Address: 104.16.148.130 104.16.148.130

Source: Joe Sandbox View	ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
Source: Joe Sandbox View	ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS

Source: Joe Sandbox View	JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: Joe Sandbox View	JA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad
Source: Joe Sandbox View	JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: unknown	HTTPS traffic detected: 104.16.148.130:443 -> 192.168.2.4:49742 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 104.16.212.94:443 -> 192.168.2.4:49745 version: TLS 1.0

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 2.16.164.18
Source: unknown	TCP traffic detected without corresponding DNS query: 2.16.164.18
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 217.20.57.40
Source: unknown	TCP traffic detected without corresponding DNS query: 217.20.57.40
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 104.18.38.233
Source: unknown	TCP traffic detected without corresponding DNS query: 104.18.38.233
Source: unknown	TCP traffic detected without corresponding DNS query: 104.18.38.233
Source: unknown	TCP traffic detected without corresponding DNS query: 172.64.149.23
Source: unknown	TCP traffic detected without corresponding DNS query: 104.18.38.233
Source: unknown	TCP traffic detected without corresponding DNS query: 104.18.38.233
Source: unknown	TCP traffic detected without corresponding DNS query: 172.64.149.23
Source: unknown	TCP traffic detected without corresponding DNS query: 104.18.38.233
Source: unknown	TCP traffic detected without corresponding DNS query: 172.64.149.23
Source: unknown	TCP traffic detected without corresponding DNS query: 104.18.38.233
Source: unknown	TCP traffic detected without corresponding DNS query: 104.18.38.233
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32

Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\installer.exe

Code function: 7_2_00DBD610 recv,WSAGetLastError,

7_2_00DBD610

Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=wRTxFRwcxxg7e5C&MD=L+rnHGl2 HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /update.ver HTTP/1.1User-Agent: WebDataCache-Control: no-cacheHost: www.burnaware.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /after-install.html HTTP/1.1Host: www.burnaware.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /css/bootstrap.min.css HTTP/1.1Host: www.burnaware.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.burnaware.com/after-install.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/logo.png HTTP/1.1Host: www.burnaware.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.burnaware.com/after-install.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/facebook.png HTTP/1.1Host: www.burnaware.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.burnaware.com/after-install.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /js/jquery-3.5.1.slim.min.js HTTP/1.1Host: www.burnaware.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.burnaware.com/after-install.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/help.png HTTP/1.1Host: www.burnaware.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.burnaware.com/after-install.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: www.burnaware.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/boxshot_ultimate.png HTTP/1.1Host: www.burnaware.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.burnaware.com/after-install.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/winxvideo_ai_box.png HTTP/1.1Host: www.burnaware.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.burnaware.com/after-install.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /js/bootstrap.min.js HTTP/1.1Host: www.burnaware.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.burnaware.com/after-install.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/facebook.png HTTP/1.1Host: www.burnaware.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/logo.png HTTP/1.1Host: www.burnaware.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/free_burning_software.png HTTP/1.1Host: www.burnaware.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.burnaware.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/dvd_burning_software.jpg HTTP/1.1Host: www.burnaware.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.burnaware.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/help.png HTTP/1.1Host: www.burnaware.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/disc_burner.png HTTP/1.1Host: www.burnaware.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.burnaware.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/best_software.png HTTP/1.1Host: www.burnaware.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.burnaware.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/free_software.png HTTP/1.1Host: www.burnaware.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.burnaware.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/boxshot_ultimate.png HTTP/1.1Host: www.burnaware.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/facebook.jpg HTTP/1.1Host: www.burnaware.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.burnaware.com/after-install.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/winxvideo_ai_box.png HTTP/1.1Host: www.burnaware.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/twitter.jpg HTTP/1.1Host: www.burnaware.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.burnaware.com/after-install.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/free_burning_software.png HTTP/1.1Host: www.burnaware.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.2.2144220585.1720719599; _gid=GA1.2.1695893049.1720719599; _gat_gtag_UA_4846638_1=1
Source: global traffic	HTTP traffic detected: GET /images/dvd_burning_software.jpg HTTP/1.1Host: www.burnaware.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.2.2144220585.1720719599; _gid=GA1.2.1695893049.1720719599; _gat_gtag_UA_4846638_1=1
Source: global traffic	HTTP traffic detected: GET /images/disc_burner.png HTTP/1.1Host: www.burnaware.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _gid=GA1.2.1695893049.1720719599; _gat_gtag_UA_4846638_1=1; _ga_R0FFV0Q2KK=GS1.1.1720719598.1.0.1720719598.0.0.0; _ga=GA1.1.2144220585.1720719599
Source: global traffic	HTTP traffic detected: GET /images/free_software.png HTTP/1.1Host: www.burnaware.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _gid=GA1.2.1695893049.1720719599; _gat_gtag_UA_4846638_1=1; _ga_R0FFV0Q2KK=GS1.1.1720719598.1.0.1720719598.0.0.0; _ga=GA1.1.2144220585.1720719599
Source: global traffic	HTTP traffic detected: GET /images/best_software.png HTTP/1.1Host: www.burnaware.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _gid=GA1.2.1695893049.1720719599; _gat_gtag_UA_4846638_1=1; _ga_R0FFV0Q2KK=GS1.1.1720719598.1.0.1720719598.0.0.0; _ga=GA1.1.2144220585.1720719599
Source: global traffic	HTTP traffic detected: GET /images/facebook.jpg HTTP/1.1Host: www.burnaware.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _gid=GA1.2.1695893049.1720719599; _gat_gtag_UA_4846638_1=1; _ga_R0FFV0Q2KK=GS1.1.1720719598.1.0.1720719598.0.0.0; _ga=GA1.1.2144220585.1720719599
Source: global traffic	HTTP traffic detected: GET /images/twitter.jpg HTTP/1.1Host: www.burnaware.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _gid=GA1.2.1695893049.1720719599; _gat_gtag_UA_4846638_1=1; _ga_R0FFV0Q2KK=GS1.1.1720719598.1.0.1720719598.0.0.0; _ga=GA1.1.2144220585.1720719599
Source: global traffic	HTTP traffic detected: GET /pagead/html/r20240709/r20110914/zrt_lookup_fy2021.html HTTP/1.1Host: googleads.g.doubleclick.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://www.burnaware.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /pagead/ads?client=ca-pub-7659414764356284&output=html&h=280&slotname=1141602494&adk=1033356805&adf=3132389021&pi=t.ma~as.1141602494&w=930&abgtt=3&fwrn=4&fwrnh=100&lmt=1720442382&rafmt=1&format=930x280&url=https%3A%2F%2Fwww.burnaware.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE3LjAuNTkzOC4xMzIiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjExNy4wLjU5MzguMTMyIl0sWyJOb3Q7QT1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTE3LjAuNTkzOC4xMzIiXV0sMF0.&dt=1720719598740&bpp=5&bdt=514&idt=1554&shv=r20240709&mjsv=m202407080101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&correlator=8080801241025&frm=20&pv=2&ga_vid=2144220585.1720719599&ga_sid=1720719600&ga_hid=1775643552&ga_fc=1&u_tz=-240&u_his=1&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&dmc=8&adx=44&ady=997&biw=1017&bih=870&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C95334511%2C95334525%2C95334578%2C95334828%2C95337195%2C31078663%2C31078665%2C31078668%2C31078670&oid=2&pvsid=4020171120520066&tmod=1184573214&uas=0&nvt=1&fc=896&brdim=10%2C10%2C10%2C10%2C1280%2C0%2C1050%2C964%2C1034%2C870&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1.02&td=1&tdf=0&psd=W251bGwsbnVsbCxudWxsLDNd&nt=1&ifi=1&uci=a!1&btvi=1&fsb=1&dtd=1583 HTTP/1.1Host: googleads.g.doubleclick.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://www.burnaware.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /pagead/ads?client=ca-pub-7659414764356284&output=html&adk=1812271804&adf=3025194257&abgtt=3&lmt=1720442382&plaf=1%3A2%2C2%3A2%2C7%3A2&plat=1%3A128%2C2%3A128%2C3%3A128%2C4%3A128%2C8%3A128%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1048576%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fwww.burnaware.com%2F&pra=7&wgl=1&easpi=0&aihb=0&asro=0&ailel=27~29~1~2~4~6~7~8~9~10~11~12~13~14~15~16~17~18~19~20~21~24~30&aiael=27~29~1~2~4~6~7~8~9~10~11~12~13~14~15~16~17~18~19~20~21~24~30&aifxl=27_15~29_10~30_19&aiixl=27_3~29_5~30_6&aslmct=0.7&asamct=0.7&aisaib=1&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE3LjAuNTkzOC4xMzIiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjExNy4wLjU5MzguMTMyIl0sWyJOb3Q7QT1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTE3LjAuNTkzOC4xMzIiXV0sMF0.&dt=1720719598746&bpp=1&bdt=519&idt=1591&shv=r20240709&mjsv=m202407080101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&prev_fmts=930x280&nras=1&correlator=8080801241025&frm=20&pv=1&ga_vid=2144220585.1720719599&ga_sid=1720719600&ga_hid=1775643552&ga_fc=1&u_tz=-240&u_his=1&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1017&bih=870&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C95334511%2C95334525%2C95334578%2C95334828%2C95337195%2C31078663%2C31078665%2C31078668%2C31078670&oid=2&pvsid=4020171120520066&tmod=1184573214&uas=0&nvt=1&fsapi=1&fc=896&brdim=10%2C10%2C10%2C10%2C1280%2C0%2C1050%2C964%2C1034%2C870&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&bz=1.02&td=1&tdf=0&psd=W251bGwsbnVsbCxudWxsLDNd&nt=1&ifi=2&uci=a!2&fsb=1&dtd=1596 HTTP/1.1Host: googleads.g.doubleclick.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://www.burnaware.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /pagead/ads?client=ca-pub-7659414764356284&output=html&h=280&slotname=4885406380&adk=3369854836&adf=3132389021&pi=t.ma~as.4885406380&w=930&abgtt=3&fwrn=4&fwrnh=100&lmt=1720153543&rafmt=1&format=930x280&url=https%3A%2F%2Fwww.burnaware.com%2Fafter-install.html&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE3LjAuNTkzOC4xMzIiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjExNy4wLjU5MzguMTMyIl0sWyJOb3Q7QT1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTE3LjAuNTkzOC4xMzIiXV0sMF0.&dt=1720719598792&bpp=4&bdt=2944&idt=1496&shv=r20240709&mjsv=m202407080101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&correlator=139266055133&frm=20&pv=2&ga_vid=2144220585.1720719599&ga_sid=1720719600&ga_hid=904098654&ga_fc=1&u_tz=-240&u_his=1&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&dmc=8&adx=44&ady=758&biw=1017&bih=870&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31085139%2C44795922%2C95334508%2C95334526%2C95334828%2C31078663%2C31078665%2C31078668%2C31078670&oid=2&pvsid=131469704701851&tmod=1184573214&uas=0&nvt=1&fc=896&brdim=10%2C10%2C10%2C10%2C1280%2C0%2C1050%2C964%2C1034%2C870&vis=2&rsz=%7C%7CeEr%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1.02&td=1&tdf=0&psd=W251bGwsbnVsbCxudWxsLDNd&nt=1&ifi=1&uci=a!1&fsb=1&dtd=1581 HTTP/1.1Host: googleads.g.doubleclick.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://www.burnaware.com/after-install.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /pagead/ads?client=ca-pub-7659414764356284&output=html&adk=1812271804&adf=3025194257&abgtt=3&lmt=1720153543&plaf=1%3A2%2C2%3A2%2C7%3A2&plat=1%3A128%2C2%3A128%2C3%3A128%2C4%3A128%2C8%3A128%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1048576%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fwww.burnaware.com%2Fafter-install.html&pra=7&wgl=1&easpi=0&aihb=0&asro=0&ailel=27~1~2~4~6~7~8~9~10~11~12~13~14~15~16~17~18~19~20~21~24~30&aiael=27~1~2~4~6~7~8~9~10~11~12~13~14~15~16~17~18~19~20~21~24~30&aifxl=27_9~30_19&aiixl=27_3~30_6&aslmct=0.7&asamct=0.7&aisaib=1&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE3LjAuNTkzOC4xMzIiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjExNy4wLjU5MzguMTMyIl0sWyJOb3Q7QT1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTE3LjAuNTkzOC4xMzIiXV0sMF0.&dt=1720719598796&bpp=2&bdt=2948&idt=1590&shv=r20240709&mjsv=m202407080101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&prev_fmts=930x280&nras=1&correlator=139266055133&frm=20&pv=1&ga_vid=2144220585.1720719599&ga_sid=1720719600&ga_hid=904098654&ga_fc=1&u_tz=-240&u_his=1&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1017&bih=870&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31085139%2C44795922%2C95334508%2C95334526%2C95334828%2C31078663%2C31078665%2C31078668%2C31078670&oid=2&pvsid=131469704701851&tmod=1184573214&uas=0&nvt=1&fsapi=1&fc=896&brdim=10%2C10%2C10%2C10%2C1280%2C0%2C1050%2C964%2C1034%2C870&vis=2&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&bz=1.02&td=1&tdf=0&psd=W251bGwsbnVsbCxudWxsLDNd&nt=1&ifi=2&uci=a!2&fsb=1&dtd=1599 HTTP/1.1Host: googleads.g.doubleclick.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://www.burnaware.com/after-install.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=wRTxFRwcxxg7e5C&MD=L+rnHGl2 HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /pagead/drt/s?v=r20120211 HTTP/1.1Host: googleads.g.doubleclick.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7659414764356284&output=html&h=280&slotname=4885406380&adk=3369854836&adf=3132389021&pi=t.ma~as.4885406380&w=930&abgtt=3&fwrn=4&fwrnh=100&lmt=1720153543&rafmt=1&format=930x280&url=https%3A%2F%2Fwww.burnaware.com%2Fafter-install.html&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE3LjAuNTkzOC4xMzIiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjExNy4wLjU5MzguMTMyIl0sWyJOb3Q7QT1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTE3LjAuNTkzOC4xMzIiXV0sMF0.&dt=1720719598792&bpp=4&bdt=2944&idt=1496&shv=r20240709&mjsv=m202407080101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&correlator=139266055133&frm=20&pv=2&ga_vid=2144220585.1720719599&ga_sid=1720719600&ga_hid=904098654&ga_fc=1&u_tz=-240&u_his=1&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&dmc=8&adx=44&ady=758&biw=1017&bih=870&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31085139%2C44795922%2C95334508%2C95334526%2C95334828%2C31078663%2C31078665%2C31078668%2C31078670&oid=2&pvsid=131469704701851&tmod=1184573214&uas=0&nvt=1&fc=896&brdim=10%2C10%2C10%2C10%2C1280%2C0%2C1050%2C964%2C1034%2C870&vis=2&rsz=%7C%7CeEr%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1.02&td=1&tdf=0&psd=W251bGwsbnVsbCxudWxsLDNd&nt=1&ifi=1&uci=a!1&fsb=1&dtd=1581Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: test_cookie=CheckForPermission
Source: global traffic	HTTP traffic detected: GET /pagead/adview?ai=CMU2X8hiQZvKbAquT1PIPs-uWgAHtxLb8eJCu5oqVE6idiedHEAEgp97AKmDJBqAB0v6XmQPIAQKoAwHIA8kEqgTMAU_QXiTzLwLGxXj59LNIeOIN1KbK3FLLM2_7j5f4vr9TOnAG46NIUNVSnnAFqFZphvLEBgBZzORhxvSdQp4mYlLJ0Ix9o6CZrfWTtTkgxgML1Dfc6fa-sCbJQDQynRaCSqFiyqnILgfHGJX-oCWBtObB7LneES7W0TEiFBtNcF8QSpQGu3JqJDUMoSpn7knoUgAC2wNR909edM-6ch6h1nzvyWabFu8mManDMJHDRU-QHVpEs6eqGSwG35AkdoIZSJ3KUhqUO8jHQApzR8AEt4_u6q0EiAWL5NvKS5IFBAgEGAGSBQQIBRgEoAYCgAeWgehmqAfZtrECqAfVyRuoB6a-G6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6--sQKoB_fCsQLYBwHyBwUQ9-LwBdIIJgiA4YBgEAEYHzICywI6CYBAgMCAgICgKEi9_cE6WNm3jIXEn4cDmglQaHR0cHM6Ly9wY2FwcC5zdG9yZS8_YXA9YWR3JmFzPWdfZF93aXRob3V0X3NvZnR3YXJlX2luJmRtW2Fkc109bmV3X3N0YXRpY19zdHJpcGWACgHICwHaDBEKCxCwkd-Y7sW_oqEBEgIBA9gTDNAVAZgWAYAXAbIXHAoaCAASFHB1Yi03NjU5NDE0NzY0MzU2Mjg0GACyGAkSArBTGAIiAQDoGAE&sigh=N5vzbh5VIdk&uach_m=%5BUACH%5D&ase=2&cid=CAQSTwDaQooLmU4THGgNQW2rnbpPvCIcB7LJEGZ6utOyMZS9oIML7lIBifn8BAsW8IS0Z7aMU5O6n_duwdtpjoqAxldnEFaGNIPllzAuIJMGkLEYAQ&nis=6 HTTP/1.1Host: googleads.g.doubleclick.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAttribution-Reporting-Eligible: event-source=navigation-source, triggerReferer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7659414764356284&output=html&h=280&slotname=1141602494&adk=1033356805&adf=3132389021&pi=t.ma~as.1141602494&w=930&abgtt=3&fwrn=4&fwrnh=100&lmt=1720442382&rafmt=1&format=930x280&url=https%3A%2F%2Fwww.burnaware.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE3LjAuNTkzOC4xMzIiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjExNy4wLjU5MzguMTMyIl0sWyJOb3Q7QT1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTE3LjAuNTkzOC4xMzIiXV0sMF0.&dt=1720719598740&bpp=5&bdt=514&idt=1554&shv=r20240709&mjsv=m202407080101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&correlator=8080801241025&frm=20&pv=2&ga_vid=2144220585.1720719599&ga_sid=1720719600&ga_hid=1775643552&ga_fc=1&u_tz=-240&u_his=1&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&dmc=8&adx=44&ady=997&biw=1017&bih=870&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C95334511%2C95334525%2C95334578%2C95334828%2C95337195%2C31078663%2C31078665%2C31078668%2C31078670&oid=2&pvsid=4020171120520066&tmod=1184573214&uas=0&nvt=1&fc=896&brdim=10%2C10%2C10%2C10%2C1280%2C0%2C1050%2C964%2C1034%2C870&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1.02&td=1&tdf=0&psd=W251bGwsbnVsbCxudWxsLDNd&nt=1&ifi=1&uci=a!1&btvi=1&fsb=1&dtd=1583Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: test_cookie=CheckForPermission
Source: global traffic	HTTP traffic detected: GET /pagead/adview?ai=C6hJM8hiQZvaxBOOMjuwP06Sd8AKgkpCceJbpje3KEsTChYOzQhABIKfewCpgyQagAcv48eYCyAECqAMByAPJBKoE5AFP0AvnF8je12xQ9XcDyGGAGMGaKBLst-6_m3CSwVD8UKF53xbETwktTg5VjDYfmMqPw-l5i_fHWtsmcLfYEYNxLHW0Nk2Vd5LguWIZrL4b0cxIx5kmBjooZdtmDvtBcxncwBAgexh_fiQHh3eOv3ScqPh2cPzvKhVVTd_2ElKYg9cAj-Ui-JVEGaVbxClqsmgHxtB1Z-z5hbMrqDWllcIhVjXI8hB3yVpx3wFkRua-ytGDDVsLiPEWfqJC1OFHKDgOV7Hz0ssS-tC1snx5DWxMp6YRC6nJ3H9CaXYh-V0D9zEZlnzABIyA167aBIgFxOXE1E6SBQQIBBgBkgUECAUYBKAGAoAHnYeOmQGoB9m2sQKoB9XJG6gHpr4bqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHr76xAqgH98KxAtgHAfIHBBDTjC3SCCYIgOGAYBABGB8yAssCOgmAQIDAgICAoChIvf3BOljg1I6FxJ-HA5oJOGh0dHBzOi8vY2FwaXRhbG9uZXNob3BwaW5nLmNvbS9qb2luLWNhcGl0YWwtb25lLXNob3BwaW5ngAoByAsB2gwRCgsQ8IaU-97Mm6jsARICAQPYEwzQFQGAFwGyFxwKGggAEhRwdWItNzY1OTQxNDc2NDM1NjI4NBgAshgFGAIiAQDoGAE&sigh=wfCMA8jNnbo&uach_m=%5BUACH%5D&ase=2&cid=CAQSTwDaQooLfXSvAwYlxgfF3yqRZiIN8qnU0U4GHr7Fzr9-FbUqS5kdmb0SE1rEIbLQQL1KdWEuTE1j7kOVhaJbWfbgvYNjwjytjCiN0OwplVIYAQ&nis=6 HTTP/1.1Host: googleads.g.doubleclick.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAttribution-Reporting-Eligible: event-source=navigation-source, triggerReferer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7659414764356284&output=html&h=280&slotname=4885406380&adk=3369854836&adf=3132389021&pi=t.ma~as.4885406380&w=930&abgtt=3&fwrn=4&fwrnh=100&lmt=1720153543&rafmt=1&format=930x280&url=https%3A%2F%2Fwww.burnaware.com%2Fafter-install.html&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE3LjAuNTkzOC4xMzIiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjExNy4wLjU5MzguMTMyIl0sWyJOb3Q7QT1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTE3LjAuNTkzOC4xMzIiXV0sMF0.&dt=1720719598792&bpp=4&bdt=2944&idt=1496&shv=r20240709&mjsv=m202407080101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&correlator=139266055133&frm=20&pv=2&ga_vid=2144220585.1720719599&ga_sid=1720719600&ga_hid=904098654&ga_fc=1&u_tz=-240&u_his=1&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&dmc=8&adx=44&ady=758&biw=1017&bih=870&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31085139%2C44795922%2C95334508%2C95334526%2C95334828%2C31078663%2C31078665%2C31078668%2C31078670&oid=2&pvsid=131469704701851&tmod=1184573214&uas=0&nvt=1&fc=896&brdim=10%2C10%2C10%2C10%2C1280%2C0%2C1050%2C964%2C1034%2C870&vis=2&rsz=%7C%7CeEr%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1.02&td=1&tdf=0&psd=W251bGwsbnVsbCxudWxsLDNd&nt=1&ifi=1&uci=a!1&fsb=1&dtd=1581Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: test_cookie=CheckForPermission
Source: global traffic	HTTP traffic detected: GET /pagead/drt/ui HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://googleads.g.doubleclick.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /pagead/interaction/?ai=CP6Gn8hiQZvaxBOOMjuwP06Sd8AKgkpCceJbpje3KEsTChYOzQhABIKfewCpgyQagAcv48eYCyAECqAMByAPJBKoE5wFP0AvnF8je12xQ9XcDyGGAGMGaKBLst-6_m3CSwVD8UKF53xbETwktTg5VjDYfmMqPw-l5i_fHWtsmcLfYEYNxLHW0Nk2Vd5LguWIZrL4b0cxIx5kmBjooZdtmDvtBcxncwBAgexh_fiQHh3eOv3ScqPh2cPzvKhVVTd_2ElKYg9cAj-Ui-JVEGaVbxClqsmgHxtB1Z-z5hbMrqDWllcIhVjXI8hB3yVpx3wFkRua-ytGDDVsLiPEWfqJC1OFHajovxQQ0VcXSfYZwCUCxnjtkrSIYJbEmOdx-oe_y2HEbQNOGmLwpDmHABIyA167aBIgFxOXE1E6gBgKAB52HjpkBqAfZtrECqAfVyRuoB6a-G6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6--sQKoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH4L2xAqgH_56xAqgH35-xAqgHyqmxAqgH66WxAqgH6rGxAqgHmbWxAqgHvrexAqgH-MKxAqgH-8KxAtgHAdIIJgiA4YBgEAEYHzICywI6CYBAgMCAgICgKEi9_cE6WODUjoXEn4cDsQlg6CR0SwaUbYAKAZgLAcgLAdoMEQoLEPCGlPvezJuo7AESAgEDqg0CVVPIDQHYEwzQFQH4FgGAFwGyGAUYAiIBAOgYAQ&sigh=BQT1J-br5HY&cid=CAQSTwDaQooLfXSvAwYlxgfF3yqRZiIN8qnU0U4GHr7Fzr9-FbUqS5kdmb0SE1rEIbLQQL1KdWEuTE1j7kOVhaJbWfbgvYNjwjytjCiN0OwplVI&label=window_focus&gqid=8hiQZvbpA_CTjuwP44esoA0&qqid=CPbyjoXEn4cDFWOGgwcdU1IHLg&bgload=1 HTTP/1.1Host: googleads.g.doubleclick.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7659414764356284&output=html&h=280&slotname=4885406380&adk=3369854836&adf=3132389021&pi=t.ma~as.4885406380&w=930&abgtt=3&fwrn=4&fwrnh=100&lmt=1720153543&rafmt=1&format=930x280&url=https%3A%2F%2Fwww.burnaware.com%2Fafter-install.html&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE3LjAuNTkzOC4xMzIiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjExNy4wLjU5MzguMTMyIl0sWyJOb3Q7QT1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTE3LjAuNTkzOC4xMzIiXV0sMF0.&dt=1720719598792&bpp=4&bdt=2944&idt=1496&shv=r20240709&mjsv=m202407080101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&correlator=139266055133&frm=20&pv=2&ga_vid=2144220585.1720719599&ga_sid=1720719600&ga_hid=904098654&ga_fc=1&u_tz=-240&u_his=1&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&dmc=8&adx=44&ady=758&biw=1017&bih=870&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31085139%2C44795922%2C95334508%2C95334526%2C95334828%2C31078663%2C31078665%2C31078668%2C31078670&oid=2&pvsid=131469704701851&tmod=1184573214&uas=0&nvt=1&fc=896&brdim=10%2C10%2C10%2C10%2C1280%2C0%2C1050%2C964%2C1034%2C870&vis=2&rsz=%7C%7CeEr%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1.02&td=1&tdf=0&psd=W251bGwsbnVsbCxudWxsLDNd&nt=1&ifi=1&uci=a!1&fsb=1&dtd=1581Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: IDE=AHWqTUl_KDeCNIgPcabcAP4LjdzVV
Source: global traffic	HTTP traffic detected: GET /pagead/drt/si?st=NO_DATA HTTP/1.1Host: googleads.g.doubleclick.netConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://googleads.g.doubleclick.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: IDE=AHWqTUl_KDeCNIgPcabcAP4LjdzVVDepa01pyB2qsWtC_zOcD9h7soQMcx9cqzFCK9w
Source: global traffic	HTTP traffic detected: GET /pagead/drt/ui HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://googleads.g.doubleclick.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /pagead/interaction/?ai=CP6Gn8hiQZvaxBOOMjuwP06Sd8AKgkpCceJbpje3KEsTChYOzQhABIKfewCpgyQagAcv48eYCyAECqAMByAPJBKoE5wFP0AvnF8je12xQ9XcDyGGAGMGaKBLst-6_m3CSwVD8UKF53xbETwktTg5VjDYfmMqPw-l5i_fHWtsmcLfYEYNxLHW0Nk2Vd5LguWIZrL4b0cxIx5kmBjooZdtmDvtBcxncwBAgexh_fiQHh3eOv3ScqPh2cPzvKhVVTd_2ElKYg9cAj-Ui-JVEGaVbxClqsmgHxtB1Z-z5hbMrqDWllcIhVjXI8hB3yVpx3wFkRua-ytGDDVsLiPEWfqJC1OFHajovxQQ0VcXSfYZwCUCxnjtkrSIYJbEmOdx-oe_y2HEbQNOGmLwpDmHABIyA167aBIgFxOXE1E6gBgKAB52HjpkBqAfZtrECqAfVyRuoB6a-G6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6--sQKoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH4L2xAqgH_56xAqgH35-xAqgHyqmxAqgH66WxAqgH6rGxAqgHmbWxAqgHvrexAqgH-MKxAqgH-8KxAtgHAdIIJgiA4YBgEAEYHzICywI6CYBAgMCAgICgKEi9_cE6WODUjoXEn4cDsQlg6CR0SwaUbYAKAZgLAcgLAdoMEQoLEPCGlPvezJuo7AESAgEDqg0CVVPIDQHYEwzQFQH4FgGAFwGyGAUYAiIBAOgYAQ&sigh=BQT1J-br5HY&cid=CAQSTwDaQooLfXSvAwYlxgfF3yqRZiIN8qnU0U4GHr7Fzr9-FbUqS5kdmb0SE1rEIbLQQL1KdWEuTE1j7kOVhaJbWfbgvYNjwjytjCiN0OwplVI&label=window_focus&gqid=8hiQZvbpA_CTjuwP44esoA0&qqid=CPbyjoXEn4cDFWOGgwcdU1IHLg&bgload=1 HTTP/1.1Host: googleads.g.doubleclick.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: IDE=AHWqTUl_KDeCNIgPcabcAP4LjdzVVDepa01pyB2qsWtC_zOcD9h7soQMcx9cqzFCK9w
Source: global traffic	HTTP traffic detected: GET /pagead/drt/si?st=NO_DATA HTTP/1.1Host: googleads.g.doubleclick.netConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://googleads.g.doubleclick.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: IDE=AHWqTUl_KDeCNIgPcabcAP4LjdzVVDepa01pyB2qsWtC_zOcD9h7soQMcx9cqzFCK9w; DSID=NO_DATA
Source: global traffic	HTTP traffic detected: GET /pagead/interaction/?ai=CP6Gn8hiQZvaxBOOMjuwP06Sd8AKgkpCceJbpje3KEsTChYOzQhABIKfewCpgyQagAcv48eYCyAECqAMByAPJBKoE5wFP0AvnF8je12xQ9XcDyGGAGMGaKBLst-6_m3CSwVD8UKF53xbETwktTg5VjDYfmMqPw-l5i_fHWtsmcLfYEYNxLHW0Nk2Vd5LguWIZrL4b0cxIx5kmBjooZdtmDvtBcxncwBAgexh_fiQHh3eOv3ScqPh2cPzvKhVVTd_2ElKYg9cAj-Ui-JVEGaVbxClqsmgHxtB1Z-z5hbMrqDWllcIhVjXI8hB3yVpx3wFkRua-ytGDDVsLiPEWfqJC1OFHajovxQQ0VcXSfYZwCUCxnjtkrSIYJbEmOdx-oe_y2HEbQNOGmLwpDmHABIyA167aBIgFxOXE1E6gBgKAB52HjpkBqAfZtrECqAfVyRuoB6a-G6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6--sQKoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH4L2xAqgH_56xAqgH35-xAqgHyqmxAqgH66WxAqgH6rGxAqgHmbWxAqgHvrexAqgH-MKxAqgH-8KxAtgHAdIIJgiA4YBgEAEYHzICywI6CYBAgMCAgICgKEi9_cE6WODUjoXEn4cDsQlg6CR0SwaUbYAKAZgLAcgLAdoMEQoLEPCGlPvezJuo7AESAgEDqg0CVVPIDQHYEwzQFQH4FgGAFwGyGAUYAiIBAOgYAQ&sigh=BQT1J-br5HY&cid=CAQSTwDaQooLfXSvAwYlxgfF3yqRZiIN8qnU0U4GHr7Fzr9-FbUqS5kdmb0SE1rEIbLQQL1KdWEuTE1j7kOVhaJbWfbgvYNjwjytjCiN0OwplVI&label=window_focus&gqid=8hiQZvbpA_CTjuwP44esoA0&qqid=CPbyjoXEn4cDFWOGgwcdU1IHLg&fg=1 HTTP/1.1Host: googleads.g.doubleclick.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7659414764356284&output=html&h=280&slotname=4885406380&adk=3369854836&adf=3132389021&pi=t.ma~as.4885406380&w=930&abgtt=3&fwrn=4&fwrnh=100&lmt=1720153543&rafmt=1&format=930x280&url=https%3A%2F%2Fwww.burnaware.com%2Fafter-install.html&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE3LjAuNTkzOC4xMzIiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjExNy4wLjU5MzguMTMyIl0sWyJOb3Q7QT1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTE3LjAuNTkzOC4xMzIiXV0sMF0.&dt=1720719598792&bpp=4&bdt=2944&idt=1496&shv=r20240709&mjsv=m202407080101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&correlator=139266055133&frm=20&pv=2&ga_vid=2144220585.1720719599&ga_sid=1720719600&ga_hid=904098654&ga_fc=1&u_tz=-240&u_his=1&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&dmc=8&adx=44&ady=758&biw=1017&bih=870&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31085139%2C44795922%2C95334508%2C95334526%2C95334828%2C31078663%2C31078665%2C31078668%2C31078670&oid=2&pvsid=131469704701851&tmod=1184573214&uas=0&nvt=1&fc=896&brdim=10%2C10%2C10%2C10%2C1280%2C0%2C1050%2C964%2C1034%2C870&vis=2&rsz=%7C%7CeEr%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1.02&td=1&tdf=0&psd=W251bGwsbnVsbCxudWxsLDNd&nt=1&ifi=1&uci=a!1&fsb=1&dtd=1581Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: IDE=AHWqTUl_KDeCNIgPcabcAP4LjdzVVDepa
Source: global traffic	HTTP traffic detected: GET /pagead/interaction/?ai=Cu5J98hiQZvKbAquT1PIPs-uWgAHtxLb8eJCu5oqVE6idiedHEAEgp97AKmDJBqAB0v6XmQPIAQKoAwHIA8kEqgTPAU_QXiTzLwLGxXj59LNIeOIN1KbK3FLLM2_7j5f4vr9TOnAG46NIUNVSnnAFqFZphvLEBgBZzORhxvSdQp4mYlLJ0Ix9o6CZrfWTtTkgxgML1Dfc6fa-sCbJQDQynRaCSqFiyqnILgfHGJX-oCWBtObB7LneES7W0TEiFBtNcF8QSpQGu3JqJDUMoSpn7knoUgAC2wNR909edM-6ch6h1nzvyWabFu9kM4hR5yluMP49NP6ImwNONgUMUZsKbguTnLVuvLu2F9AS3b8G9hq7wMAEt4_u6q0EiAWL5NvKS6AGAoAHloHoZqgH2baxAqgH1ckbqAemvhuoB47OG6gHk9gbqAfulrECqAf-nrECqAevvrECqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB-C9sQKoB_-esQKoB9-fsQKoB8qpsQKoB-ulsQKoB-qxsQKoB5m1sQKoB763sQKoB_jCsQKoB_vCsQLYBwHSCCYIgOGAYBABGB8yAssCOgmAQIDAgICAoChIvf3BOljZt4yFxJ-HA7EJ5WIFqJlhtieACgGYCwHICwHaDBEKCxCwkd-Y7sW_oqEBEgIBA6oNAlVTyA0B2BMM0BUBmBYB-BYBgBcBshgJEgKwUxgCIgEA6BgB&sigh=h6IJ0EUoVko&cid=CAQSTwDaQooLmU4THGgNQW2rnbpPvCIcB7LJEGZ6utOyMZS9oIML7lIBifn8BAsW8IS0Z7aMU5O6n_duwdtpjoqAxldnEFaGNIPllzAuIJMGkLE&label=window_focus&gqid=8hiQZs7MAferjuwPt7ugmAE&qqid=CPLcjIXEn4cDFasJVQgds7UFEA&fg=1 HTTP/1.1Host: googleads.g.doubleclick.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7659414764356284&output=html&h=280&slotname=1141602494&adk=1033356805&adf=3132389021&pi=t.ma~as.1141602494&w=930&abgtt=3&fwrn=4&fwrnh=100&lmt=1720442382&rafmt=1&format=930x280&url=https%3A%2F%2Fwww.burnaware.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE3LjAuNTkzOC4xMzIiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjExNy4wLjU5MzguMTMyIl0sWyJOb3Q7QT1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTE3LjAuNTkzOC4xMzIiXV0sMF0.&dt=1720719598740&bpp=5&bdt=514&idt=1554&shv=r20240709&mjsv=m202407080101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&correlator=8080801241025&frm=20&pv=2&ga_vid=2144220585.1720719599&ga_sid=1720719600&ga_hid=1775643552&ga_fc=1&u_tz=-240&u_his=1&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&dmc=8&adx=44&ady=997&biw=1017&bih=870&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C95334511%2C95334525%2C95334578%2C95334828%2C95337195%2C31078663%2C31078665%2C31078668%2C31078670&oid=2&pvsid=4020171120520066&tmod=1184573214&uas=0&nvt=1&fc=896&brdim=10%2C10%2C10%2C10%2C1280%2C0%2C1050%2C964%2C1034%2C870&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1.02&td=1&tdf=0&psd=W251bGwsbnVsbCxudWxsLDNd&nt=1&ifi=1&uci=a!1&btvi=1&fsb=1&dtd=1583Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: IDE=AHWqTUl_KDeCNIgPcabcAP4LjdzVVDepa01pyB2qsWtC_zOcD9h7soQMcx9cqzFCK9w
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.burnaware.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.burnaware.com/after-install.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _gid=GA1.2.1695893049.1720719599; _gat_gtag_UA_4846638_1=1; _ga_R0FFV0Q2KK=GS1.1.1720719598.1.0.1720719598.0.0.0; _ga=GA1.1.2144220585.1720719599; __gads=ID=ca85369507f447bd:T=1720719602:RT=1720719602:S=ALNI_MbHtj5QHwOekxUSdDmDxc_7knS1YA; __gpi=UID=00000e799b877b18:T=1720719602:RT=1720719602:S=ALNI_MYL62l_8SiXw2LX6eQ-MMs_GS1OLw; __eoi=ID=27b38297c77e7373:T=1720719602:RT=1720719602:S=AA-AfjahcyA-wmZK3Up08clNIkO2
Source: global traffic	HTTP traffic detected: GET /pagead/interaction/?ai=CP6Gn8hiQZvaxBOOMjuwP06Sd8AKgkpCceJbpje3KEsTChYOzQhABIKfewCpgyQagAcv48eYCyAECqAMByAPJBKoE5wFP0AvnF8je12xQ9XcDyGGAGMGaKBLst-6_m3CSwVD8UKF53xbETwktTg5VjDYfmMqPw-l5i_fHWtsmcLfYEYNxLHW0Nk2Vd5LguWIZrL4b0cxIx5kmBjooZdtmDvtBcxncwBAgexh_fiQHh3eOv3ScqPh2cPzvKhVVTd_2ElKYg9cAj-Ui-JVEGaVbxClqsmgHxtB1Z-z5hbMrqDWllcIhVjXI8hB3yVpx3wFkRua-ytGDDVsLiPEWfqJC1OFHajovxQQ0VcXSfYZwCUCxnjtkrSIYJbEmOdx-oe_y2HEbQNOGmLwpDmHABIyA167aBIgFxOXE1E6gBgKAB52HjpkBqAfZtrECqAfVyRuoB6a-G6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6--sQKoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH4L2xAqgH_56xAqgH35-xAqgHyqmxAqgH66WxAqgH6rGxAqgHmbWxAqgHvrexAqgH-MKxAqgH-8KxAtgHAdIIJgiA4YBgEAEYHzICywI6CYBAgMCAgICgKEi9_cE6WODUjoXEn4cDsQlg6CR0SwaUbYAKAZgLAcgLAdoMEQoLEPCGlPvezJuo7AESAgEDqg0CVVPIDQHYEwzQFQH4FgGAFwGyGAUYAiIBAOgYAQ&sigh=BQT1J-br5HY&cid=CAQSTwDaQooLfXSvAwYlxgfF3yqRZiIN8qnU0U4GHr7Fzr9-FbUqS5kdmb0SE1rEIbLQQL1KdWEuTE1j7kOVhaJbWfbgvYNjwjytjCiN0OwplVI&label=window_focus&gqid=8hiQZvbpA_CTjuwP44esoA0&qqid=CPbyjoXEn4cDFWOGgwcdU1IHLg&fg=1 HTTP/1.1Host: googleads.g.doubleclick.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: IDE=AHWqTUl_KDeCNIgPcabcAP4LjdzVVDepa01pyB2qsWtC_zOcD9h7soQMcx9cqzFCK9w; DSID=NO_DATA
Source: global traffic	HTTP traffic detected: GET /pagead/interaction/?ai=Cu5J98hiQZvKbAquT1PIPs-uWgAHtxLb8eJCu5oqVE6idiedHEAEgp97AKmDJBqAB0v6XmQPIAQKoAwHIA8kEqgTPAU_QXiTzLwLGxXj59LNIeOIN1KbK3FLLM2_7j5f4vr9TOnAG46NIUNVSnnAFqFZphvLEBgBZzORhxvSdQp4mYlLJ0Ix9o6CZrfWTtTkgxgML1Dfc6fa-sCbJQDQynRaCSqFiyqnILgfHGJX-oCWBtObB7LneES7W0TEiFBtNcF8QSpQGu3JqJDUMoSpn7knoUgAC2wNR909edM-6ch6h1nzvyWabFu9kM4hR5yluMP49NP6ImwNONgUMUZsKbguTnLVuvLu2F9AS3b8G9hq7wMAEt4_u6q0EiAWL5NvKS6AGAoAHloHoZqgH2baxAqgH1ckbqAemvhuoB47OG6gHk9gbqAfulrECqAf-nrECqAevvrECqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB-C9sQKoB_-esQKoB9-fsQKoB8qpsQKoB-ulsQKoB-qxsQKoB5m1sQKoB763sQKoB_jCsQKoB_vCsQLYBwHSCCYIgOGAYBABGB8yAssCOgmAQIDAgICAoChIvf3BOljZt4yFxJ-HA7EJ5WIFqJlhtieACgGYCwHICwHaDBEKCxCwkd-Y7sW_oqEBEgIBA6oNAlVTyA0B2BMM0BUBmBYB-BYBgBcBshgJEgKwUxgCIgEA6BgB&sigh=h6IJ0EUoVko&cid=CAQSTwDaQooLmU4THGgNQW2rnbpPvCIcB7LJEGZ6utOyMZS9oIML7lIBifn8BAsW8IS0Z7aMU5O6n_duwdtpjoqAxldnEFaGNIPllzAuIJMGkLE&label=window_focus&gqid=8hiQZs7MAferjuwPt7ugmAE&qqid=CPLcjIXEn4cDFasJVQgds7UFEA&fg=1 HTTP/1.1Host: googleads.g.doubleclick.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: IDE=AHWqTUl_KDeCNIgPcabcAP4LjdzVVDepa01pyB2qsWtC_zOcD9h7soQMcx9cqzFCK9w; DSID=NO_DATA
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.burnaware.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _gid=GA1.2.1695893049.1720719599; _gat_gtag_UA_4846638_1=1; _ga_R0FFV0Q2KK=GS1.1.1720719598.1.0.1720719598.0.0.0; _ga=GA1.1.2144220585.1720719599; __gads=ID=ca85369507f447bd:T=1720719602:RT=1720719602:S=ALNI_MbHtj5QHwOekxUSdDmDxc_7knS1YA; __gpi=UID=00000e799b877b18:T=1720719602:RT=1720719602:S=ALNI_MYL62l_8SiXw2LX6eQ-MMs_GS1OLw; __eoi=ID=27b38297c77e7373:T=1720719602:RT=1720719602:S=AA-AfjahcyA-wmZK3Up08clNIkO2
Source: global traffic	HTTP traffic detected: GET /pagead/interaction/?ai=CP6Gn8hiQZvaxBOOMjuwP06Sd8AKgkpCceJbpje3KEsTChYOzQhABIKfewCpgyQagAcv48eYCyAECqAMByAPJBKoE5wFP0AvnF8je12xQ9XcDyGGAGMGaKBLst-6_m3CSwVD8UKF53xbETwktTg5VjDYfmMqPw-l5i_fHWtsmcLfYEYNxLHW0Nk2Vd5LguWIZrL4b0cxIx5kmBjooZdtmDvtBcxncwBAgexh_fiQHh3eOv3ScqPh2cPzvKhVVTd_2ElKYg9cAj-Ui-JVEGaVbxClqsmgHxtB1Z-z5hbMrqDWllcIhVjXI8hB3yVpx3wFkRua-ytGDDVsLiPEWfqJC1OFHajovxQQ0VcXSfYZwCUCxnjtkrSIYJbEmOdx-oe_y2HEbQNOGmLwpDmHABIyA167aBIgFxOXE1E6gBgKAB52HjpkBqAfZtrECqAfVyRuoB6a-G6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6--sQKoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH4L2xAqgH_56xAqgH35-xAqgHyqmxAqgH66WxAqgH6rGxAqgHmbWxAqgHvrexAqgH-MKxAqgH-8KxAtgHAdIIJgiA4YBgEAEYHzICywI6CYBAgMCAgICgKEi9_cE6WODUjoXEn4cDsQlg6CR0SwaUbYAKAZgLAcgLAdoMEQoLEPCGlPvezJuo7AESAgEDqg0CVVPIDQHYEwzQFQH4FgGAFwGyGAUYAiIBAOgYAQ&sigh=BQT1J-br5HY&cid=CAQSTwDaQooLfXSvAwYlxgfF3yqRZiIN8qnU0U4GHr7Fzr9-FbUqS5kdmb0SE1rEIbLQQL1KdWEuTE1j7kOVhaJbWfbgvYNjwjytjCiN0OwplVI&label=window_focus&gqid=8hiQZvbpA_CTjuwP44esoA0&qqid=CPbyjoXEn4cDFWOGgwcdU1IHLg&fg=1 HTTP/1.1Host: googleads.g.doubleclick.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7659414764356284&output=html&h=280&slotname=4885406380&adk=3369854836&adf=3132389021&pi=t.ma~as.4885406380&w=930&abgtt=3&fwrn=4&fwrnh=100&lmt=1720153543&rafmt=1&format=930x280&url=https%3A%2F%2Fwww.burnaware.com%2Fafter-install.html&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE3LjAuNTkzOC4xMzIiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjExNy4wLjU5MzguMTMyIl0sWyJOb3Q7QT1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTE3LjAuNTkzOC4xMzIiXV0sMF0.&dt=1720719598792&bpp=4&bdt=2944&idt=1496&shv=r20240709&mjsv=m202407080101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&correlator=139266055133&frm=20&pv=2&ga_vid=2144220585.1720719599&ga_sid=1720719600&ga_hid=904098654&ga_fc=1&u_tz=-240&u_his=1&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&dmc=8&adx=44&ady=758&biw=1017&bih=870&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31085139%2C44795922%2C95334508%2C95334526%2C95334828%2C31078663%2C31078665%2C31078668%2C31078670&oid=2&pvsid=131469704701851&tmod=1184573214&uas=0&nvt=1&fc=896&brdim=10%2C10%2C10%2C10%2C1280%2C0%2C1050%2C964%2C1034%2C870&vis=2&rsz=%7C%7CeEr%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1.02&td=1&tdf=0&psd=W251bGwsbnVsbCxudWxsLDNd&nt=1&ifi=1&uci=a!1&fsb=1&dtd=1581Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: IDE=AHWqTUl_KDeCNIgPcabcAP4LjdzVVDepa
Source: global traffic	HTTP traffic detected: GET /pagead/interaction/?ai=Cu5J98hiQZvKbAquT1PIPs-uWgAHtxLb8eJCu5oqVE6idiedHEAEgp97AKmDJBqAB0v6XmQPIAQKoAwHIA8kEqgTPAU_QXiTzLwLGxXj59LNIeOIN1KbK3FLLM2_7j5f4vr9TOnAG46NIUNVSnnAFqFZphvLEBgBZzORhxvSdQp4mYlLJ0Ix9o6CZrfWTtTkgxgML1Dfc6fa-sCbJQDQynRaCSqFiyqnILgfHGJX-oCWBtObB7LneES7W0TEiFBtNcF8QSpQGu3JqJDUMoSpn7knoUgAC2wNR909edM-6ch6h1nzvyWabFu9kM4hR5yluMP49NP6ImwNONgUMUZsKbguTnLVuvLu2F9AS3b8G9hq7wMAEt4_u6q0EiAWL5NvKS6AGAoAHloHoZqgH2baxAqgH1ckbqAemvhuoB47OG6gHk9gbqAfulrECqAf-nrECqAevvrECqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB-C9sQKoB_-esQKoB9-fsQKoB8qpsQKoB-ulsQKoB-qxsQKoB5m1sQKoB763sQKoB_jCsQKoB_vCsQLYBwHSCCYIgOGAYBABGB8yAssCOgmAQIDAgICAoChIvf3BOljZt4yFxJ-HA7EJ5WIFqJlhtieACgGYCwHICwHaDBEKCxCwkd-Y7sW_oqEBEgIBA6oNAlVTyA0B2BMM0BUBmBYB-BYBgBcBshgJEgKwUxgCIgEA6BgB&sigh=h6IJ0EUoVko&cid=CAQSTwDaQooLmU4THGgNQW2rnbpPvCIcB7LJEGZ6utOyMZS9oIML7lIBifn8BAsW8IS0Z7aMU5O6n_duwdtpjoqAxldnEFaGNIPllzAuIJMGkLE&label=window_focus&gqid=8hiQZs7MAferjuwPt7ugmAE&qqid=CPLcjIXEn4cDFasJVQgds7UFEA&fg=1 HTTP/1.1Host: googleads.g.doubleclick.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7659414764356284&output=html&h=280&slotname=1141602494&adk=1033356805&adf=3132389021&pi=t.ma~as.1141602494&w=930&abgtt=3&fwrn=4&fwrnh=100&lmt=1720442382&rafmt=1&format=930x280&url=https%3A%2F%2Fwww.burnaware.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE3LjAuNTkzOC4xMzIiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjExNy4wLjU5MzguMTMyIl0sWyJOb3Q7QT1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTE3LjAuNTkzOC4xMzIiXV0sMF0.&dt=1720719598740&bpp=5&bdt=514&idt=1554&shv=r20240709&mjsv=m202407080101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&correlator=8080801241025&frm=20&pv=2&ga_vid=2144220585.1720719599&ga_sid=1720719600&ga_hid=1775643552&ga_fc=1&u_tz=-240&u_his=1&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&dmc=8&adx=44&ady=997&biw=1017&bih=870&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C95334511%2C95334525%2C95334578%2C95334828%2C95337195%2C31078663%2C31078665%2C31078668%2C31078670&oid=2&pvsid=4020171120520066&tmod=1184573214&uas=0&nvt=1&fc=896&brdim=10%2C10%2C10%2C10%2C1280%2C0%2C1050%2C964%2C1034%2C870&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1.02&td=1&tdf=0&psd=W251bGwsbnVsbCxudWxsLDNd&nt=1&ifi=1&uci=a!1&btvi=1&fsb=1&dtd=1583Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: IDE=AHWqTUl_KDeCNIgPcabcAP4LjdzVVDepa01pyB2qsWtC_zOcD9h7soQMcx9cqzFCK9w
Source: global traffic	HTTP traffic detected: GET /pagead/interaction/?ai=CP6Gn8hiQZvaxBOOMjuwP06Sd8AKgkpCceJbpje3KEsTChYOzQhABIKfewCpgyQagAcv48eYCyAECqAMByAPJBKoE5wFP0AvnF8je12xQ9XcDyGGAGMGaKBLst-6_m3CSwVD8UKF53xbETwktTg5VjDYfmMqPw-l5i_fHWtsmcLfYEYNxLHW0Nk2Vd5LguWIZrL4b0cxIx5kmBjooZdtmDvtBcxncwBAgexh_fiQHh3eOv3ScqPh2cPzvKhVVTd_2ElKYg9cAj-Ui-JVEGaVbxClqsmgHxtB1Z-z5hbMrqDWllcIhVjXI8hB3yVpx3wFkRua-ytGDDVsLiPEWfqJC1OFHajovxQQ0VcXSfYZwCUCxnjtkrSIYJbEmOdx-oe_y2HEbQNOGmLwpDmHABIyA167aBIgFxOXE1E6gBgKAB52HjpkBqAfZtrECqAfVyRuoB6a-G6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6--sQKoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH4L2xAqgH_56xAqgH35-xAqgHyqmxAqgH66WxAqgH6rGxAqgHmbWxAqgHvrexAqgH-MKxAqgH-8KxAtgHAdIIJgiA4YBgEAEYHzICywI6CYBAgMCAgICgKEi9_cE6WODUjoXEn4cDsQlg6CR0SwaUbYAKAZgLAcgLAdoMEQoLEPCGlPvezJuo7AESAgEDqg0CVVPIDQHYEwzQFQH4FgGAFwGyGAUYAiIBAOgYAQ&sigh=BQT1J-br5HY&cid=CAQSTwDaQooLfXSvAwYlxgfF3yqRZiIN8qnU0U4GHr7Fzr9-FbUqS5kdmb0SE1rEIbLQQL1KdWEuTE1j7kOVhaJbWfbgvYNjwjytjCiN0OwplVI&label=window_focus&gqid=8hiQZvbpA_CTjuwP44esoA0&qqid=CPbyjoXEn4cDFWOGgwcdU1IHLg&fg=1 HTTP/1.1Host: googleads.g.doubleclick.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: IDE=AHWqTUl_KDeCNIgPcabcAP4LjdzVVDepa01pyB2qsWtC_zOcD9h7soQMcx9cqzFCK9w; DSID=NO_DATA
Source: global traffic	HTTP traffic detected: GET /pagead/interaction/?ai=Cu5J98hiQZvKbAquT1PIPs-uWgAHtxLb8eJCu5oqVE6idiedHEAEgp97AKmDJBqAB0v6XmQPIAQKoAwHIA8kEqgTPAU_QXiTzLwLGxXj59LNIeOIN1KbK3FLLM2_7j5f4vr9TOnAG46NIUNVSnnAFqFZphvLEBgBZzORhxvSdQp4mYlLJ0Ix9o6CZrfWTtTkgxgML1Dfc6fa-sCbJQDQynRaCSqFiyqnILgfHGJX-oCWBtObB7LneES7W0TEiFBtNcF8QSpQGu3JqJDUMoSpn7knoUgAC2wNR909edM-6ch6h1nzvyWabFu9kM4hR5yluMP49NP6ImwNONgUMUZsKbguTnLVuvLu2F9AS3b8G9hq7wMAEt4_u6q0EiAWL5NvKS6AGAoAHloHoZqgH2baxAqgH1ckbqAemvhuoB47OG6gHk9gbqAfulrECqAf-nrECqAevvrECqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB-C9sQKoB_-esQKoB9-fsQKoB8qpsQKoB-ulsQKoB-qxsQKoB5m1sQKoB763sQKoB_jCsQKoB_vCsQLYBwHSCCYIgOGAYBABGB8yAssCOgmAQIDAgICAoChIvf3BOljZt4yFxJ-HA7EJ5WIFqJlhtieACgGYCwHICwHaDBEKCxCwkd-Y7sW_oqEBEgIBA6oNAlVTyA0B2BMM0BUBmBYB-BYBgBcBshgJEgKwUxgCIgEA6BgB&sigh=h6IJ0EUoVko&cid=CAQSTwDaQooLmU4THGgNQW2rnbpPvCIcB7LJEGZ6utOyMZS9oIML7lIBifn8BAsW8IS0Z7aMU5O6n_duwdtpjoqAxldnEFaGNIPllzAuIJMGkLE&label=window_focus&gqid=8hiQZs7MAferjuwPt7ugmAE&qqid=CPLcjIXEn4cDFasJVQgds7UFEA&fg=1 HTTP/1.1Host: googleads.g.doubleclick.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: IDE=AHWqTUl_KDeCNIgPcabcAP4LjdzVVDepa01pyB2qsWtC_zOcD9h7soQMcx9cqzFCK9w; DSID=NO_DATA
Source: global traffic	HTTP traffic detected: GET /recaptcha/api2/aframe HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://www.burnaware.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /pagead/interaction/?ai=CP6Gn8hiQZvaxBOOMjuwP06Sd8AKgkpCceJbpje3KEsTChYOzQhABIKfewCpgyQagAcv48eYCyAECqAMByAPJBKoE5wFP0AvnF8je12xQ9XcDyGGAGMGaKBLst-6_m3CSwVD8UKF53xbETwktTg5VjDYfmMqPw-l5i_fHWtsmcLfYEYNxLHW0Nk2Vd5LguWIZrL4b0cxIx5kmBjooZdtmDvtBcxncwBAgexh_fiQHh3eOv3ScqPh2cPzvKhVVTd_2ElKYg9cAj-Ui-JVEGaVbxClqsmgHxtB1Z-z5hbMrqDWllcIhVjXI8hB3yVpx3wFkRua-ytGDDVsLiPEWfqJC1OFHajovxQQ0VcXSfYZwCUCxnjtkrSIYJbEmOdx-oe_y2HEbQNOGmLwpDmHABIyA167aBIgFxOXE1E6gBgKAB52HjpkBqAfZtrECqAfVyRuoB6a-G6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6--sQKoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH4L2xAqgH_56xAqgH35-xAqgHyqmxAqgH66WxAqgH6rGxAqgHmbWxAqgHvrexAqgH-MKxAqgH-8KxAtgHAdIIJgiA4YBgEAEYHzICywI6CYBAgMCAgICgKEi9_cE6WODUjoXEn4cDsQlg6CR0SwaUbYAKAZgLAcgLAdoMEQoLEPCGlPvezJuo7AESAgEDqg0CVVPIDQHYEwzQFQH4FgGAFwGyGAUYAiIBAOgYAQ&sigh=BQT1J-br5HY&cid=CAQSTwDaQooLfXSvAwYlxgfF3yqRZiIN8qnU0U4GHr7Fzr9-FbUqS5kdmb0SE1rEIbLQQL1KdWEuTE1j7kOVhaJbWfbgvYNjwjytjCiN0OwplVI&label=window_focus&gqid=8hiQZvbpA_CTjuwP44esoA0&qqid=CPbyjoXEn4cDFWOGgwcdU1IHLg&fg=1 HTTP/1.1Host: googleads.g.doubleclick.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7659414764356284&output=html&h=280&slotname=4885406380&adk=3369854836&adf=3132389021&pi=t.ma~as.4885406380&w=930&abgtt=3&fwrn=4&fwrnh=100&lmt=1720153543&rafmt=1&format=930x280&url=https%3A%2F%2Fwww.burnaware.com%2Fafter-install.html&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE3LjAuNTkzOC4xMzIiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjExNy4wLjU5MzguMTMyIl0sWyJOb3Q7QT1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTE3LjAuNTkzOC4xMzIiXV0sMF0.&dt=1720719598792&bpp=4&bdt=2944&idt=1496&shv=r20240709&mjsv=m202407080101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&correlator=139266055133&frm=20&pv=2&ga_vid=2144220585.1720719599&ga_sid=1720719600&ga_hid=904098654&ga_fc=1&u_tz=-240&u_his=1&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&dmc=8&adx=44&ady=758&biw=1017&bih=870&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31085139%2C44795922%2C95334508%2C95334526%2C95334828%2C31078663%2C31078665%2C31078668%2C31078670&oid=2&pvsid=131469704701851&tmod=1184573214&uas=0&nvt=1&fc=896&brdim=10%2C10%2C10%2C10%2C1280%2C0%2C1050%2C964%2C1034%2C870&vis=2&rsz=%7C%7CeEr%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1.02&td=1&tdf=0&psd=W251bGwsbnVsbCxudWxsLDNd&nt=1&ifi=1&uci=a!1&fsb=1&dtd=1581Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: IDE=AHWqTUl_KDeCNIgPcabcAP4LjdzVVDepa
Source: global traffic	HTTP traffic detected: GET /pagead/interaction/?ai=Cu5J98hiQZvKbAquT1PIPs-uWgAHtxLb8eJCu5oqVE6idiedHEAEgp97AKmDJBqAB0v6XmQPIAQKoAwHIA8kEqgTPAU_QXiTzLwLGxXj59LNIeOIN1KbK3FLLM2_7j5f4vr9TOnAG46NIUNVSnnAFqFZphvLEBgBZzORhxvSdQp4mYlLJ0Ix9o6CZrfWTtTkgxgML1Dfc6fa-sCbJQDQynRaCSqFiyqnILgfHGJX-oCWBtObB7LneES7W0TEiFBtNcF8QSpQGu3JqJDUMoSpn7knoUgAC2wNR909edM-6ch6h1nzvyWabFu9kM4hR5yluMP49NP6ImwNONgUMUZsKbguTnLVuvLu2F9AS3b8G9hq7wMAEt4_u6q0EiAWL5NvKS6AGAoAHloHoZqgH2baxAqgH1ckbqAemvhuoB47OG6gHk9gbqAfulrECqAf-nrECqAevvrECqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB-C9sQKoB_-esQKoB9-fsQKoB8qpsQKoB-ulsQKoB-qxsQKoB5m1sQKoB763sQKoB_jCsQKoB_vCsQLYBwHSCCYIgOGAYBABGB8yAssCOgmAQIDAgICAoChIvf3BOljZt4yFxJ-HA7EJ5WIFqJlhtieACgGYCwHICwHaDBEKCxCwkd-Y7sW_oqEBEgIBA6oNAlVTyA0B2BMM0BUBmBYB-BYBgBcBshgJEgKwUxgCIgEA6BgB&sigh=h6IJ0EUoVko&cid=CAQSTwDaQooLmU4THGgNQW2rnbpPvCIcB7LJEGZ6utOyMZS9oIML7lIBifn8BAsW8IS0Z7aMU5O6n_duwdtpjoqAxldnEFaGNIPllzAuIJMGkLE&label=window_focus&gqid=8hiQZs7MAferjuwPt7ugmAE&qqid=CPLcjIXEn4cDFasJVQgds7UFEA&fg=1 HTTP/1.1Host: googleads.g.doubleclick.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7659414764356284&output=html&h=280&slotname=1141602494&adk=1033356805&adf=3132389021&pi=t.ma~as.1141602494&w=930&abgtt=3&fwrn=4&fwrnh=100&lmt=1720442382&rafmt=1&format=930x280&url=https%3A%2F%2Fwww.burnaware.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE3LjAuNTkzOC4xMzIiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjExNy4wLjU5MzguMTMyIl0sWyJOb3Q7QT1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTE3LjAuNTkzOC4xMzIiXV0sMF0.&dt=1720719598740&bpp=5&bdt=514&idt=1554&shv=r20240709&mjsv=m202407080101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&correlator=8080801241025&frm=20&pv=2&ga_vid=2144220585.1720719599&ga_sid=1720719600&ga_hid=1775643552&ga_fc=1&u_tz=-240&u_his=1&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&dmc=8&adx=44&ady=997&biw=1017&bih=870&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C95334511%2C95334525%2C95334578%2C95334828%2C95337195%2C31078663%2C31078665%2C31078668%2C31078670&oid=2&pvsid=4020171120520066&tmod=1184573214&uas=0&nvt=1&fc=896&brdim=10%2C10%2C10%2C10%2C1280%2C0%2C1050%2C964%2C1034%2C870&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1.02&td=1&tdf=0&psd=W251bGwsbnVsbCxudWxsLDNd&nt=1&ifi=1&uci=a!1&btvi=1&fsb=1&dtd=1583Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: IDE=AHWqTUl_KDeCNIgPcabcAP4LjdzVVDepa01pyB2qsWtC_zOcD9h7soQMcx9cqzFCK9w
Source: global traffic	HTTP traffic detected: GET /pagead/interaction/?ai=CP6Gn8hiQZvaxBOOMjuwP06Sd8AKgkpCceJbpje3KEsTChYOzQhABIKfewCpgyQagAcv48eYCyAECqAMByAPJBKoE5wFP0AvnF8je12xQ9XcDyGGAGMGaKBLst-6_m3CSwVD8UKF53xbETwktTg5VjDYfmMqPw-l5i_fHWtsmcLfYEYNxLHW0Nk2Vd5LguWIZrL4b0cxIx5kmBjooZdtmDvtBcxncwBAgexh_fiQHh3eOv3ScqPh2cPzvKhVVTd_2ElKYg9cAj-Ui-JVEGaVbxClqsmgHxtB1Z-z5hbMrqDWllcIhVjXI8hB3yVpx3wFkRua-ytGDDVsLiPEWfqJC1OFHajovxQQ0VcXSfYZwCUCxnjtkrSIYJbEmOdx-oe_y2HEbQNOGmLwpDmHABIyA167aBIgFxOXE1E6gBgKAB52HjpkBqAfZtrECqAfVyRuoB6a-G6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6--sQKoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH4L2xAqgH_56xAqgH35-xAqgHyqmxAqgH66WxAqgH6rGxAqgHmbWxAqgHvrexAqgH-MKxAqgH-8KxAtgHAdIIJgiA4YBgEAEYHzICywI6CYBAgMCAgICgKEi9_cE6WODUjoXEn4cDsQlg6CR0SwaUbYAKAZgLAcgLAdoMEQoLEPCGlPvezJuo7AESAgEDqg0CVVPIDQHYEwzQFQH4FgGAFwGyGAUYAiIBAOgYAQ&sigh=BQT1J-br5HY&cid=CAQSTwDaQooLfXSvAwYlxgfF3yqRZiIN8qnU0U4GHr7Fzr9-FbUqS5kdmb0SE1rEIbLQQL1KdWEuTE1j7kOVhaJbWfbgvYNjwjytjCiN0OwplVI&label=window_focus&gqid=8hiQZvbpA_CTjuwP44esoA0&qqid=CPbyjoXEn4cDFWOGgwcdU1IHLg&fg=1 HTTP/1.1Host: googleads.g.doubleclick.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: IDE=AHWqTUl_KDeCNIgPcabcAP4LjdzVVDepa01pyB2qsWtC_zOcD9h7soQMcx9cqzFCK9w; DSID=NO_DATA
Source: global traffic	HTTP traffic detected: GET /pagead/interaction/?ai=Cu5J98hiQZvKbAquT1PIPs-uWgAHtxLb8eJCu5oqVE6idiedHEAEgp97AKmDJBqAB0v6XmQPIAQKoAwHIA8kEqgTPAU_QXiTzLwLGxXj59LNIeOIN1KbK3FLLM2_7j5f4vr9TOnAG46NIUNVSnnAFqFZphvLEBgBZzORhxvSdQp4mYlLJ0Ix9o6CZrfWTtTkgxgML1Dfc6fa-sCbJQDQynRaCSqFiyqnILgfHGJX-oCWBtObB7LneES7W0TEiFBtNcF8QSpQGu3JqJDUMoSpn7knoUgAC2wNR909edM-6ch6h1nzvyWabFu9kM4hR5yluMP49NP6ImwNONgUMUZsKbguTnLVuvLu2F9AS3b8G9hq7wMAEt4_u6q0EiAWL5NvKS6AGAoAHloHoZqgH2baxAqgH1ckbqAemvhuoB47OG6gHk9gbqAfulrECqAf-nrECqAevvrECqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB-C9sQKoB_-esQKoB9-fsQKoB8qpsQKoB-ulsQKoB-qxsQKoB5m1sQKoB763sQKoB_jCsQKoB_vCsQLYBwHSCCYIgOGAYBABGB8yAssCOgmAQIDAgICAoChIvf3BOljZt4yFxJ-HA7EJ5WIFqJlhtieACgGYCwHICwHaDBEKCxCwkd-Y7sW_oqEBEgIBA6oNAlVTyA0B2BMM0BUBmBYB-BYBgBcBshgJEgKwUxgCIgEA6BgB&sigh=h6IJ0EUoVko&cid=CAQSTwDaQooLmU4THGgNQW2rnbpPvCIcB7LJEGZ6utOyMZS9oIML7lIBifn8BAsW8IS0Z7aMU5O6n_duwdtpjoqAxldnEFaGNIPllzAuIJMGkLE&label=window_focus&gqid=8hiQZs7MAferjuwPt7ugmAE&qqid=CPLcjIXEn4cDFasJVQgds7UFEA&fg=1 HTTP/1.1Host: googleads.g.doubleclick.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: IDE=AHWqTUl_KDeCNIgPcabcAP4LjdzVVDepa01pyB2qsWtC_zOcD9h7soQMcx9cqzFCK9w; DSID=NO_DATA
Source: global traffic	HTTP traffic detected: GET /pagead/interaction/?ai=CP6Gn8hiQZvaxBOOMjuwP06Sd8AKgkpCceJbpje3KEsTChYOzQhABIKfewCpgyQagAcv48eYCyAECqAMByAPJBKoE5wFP0AvnF8je12xQ9XcDyGGAGMGaKBLst-6_m3CSwVD8UKF53xbETwktTg5VjDYfmMqPw-l5i_fHWtsmcLfYEYNxLHW0Nk2Vd5LguWIZrL4b0cxIx5kmBjooZdtmDvtBcxncwBAgexh_fiQHh3eOv3ScqPh2cPzvKhVVTd_2ElKYg9cAj-Ui-JVEGaVbxClqsmgHxtB1Z-z5hbMrqDWllcIhVjXI8hB3yVpx3wFkRua-ytGDDVsLiPEWfqJC1OFHajovxQQ0VcXSfYZwCUCxnjtkrSIYJbEmOdx-oe_y2HEbQNOGmLwpDmHABIyA167aBIgFxOXE1E6gBgKAB52HjpkBqAfZtrECqAfVyRuoB6a-G6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6--sQKoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH4L2xAqgH_56xAqgH35-xAqgHyqmxAqgH66WxAqgH6rGxAqgHmbWxAqgHvrexAqgH-MKxAqgH-8KxAtgHAdIIJgiA4YBgEAEYHzICywI6CYBAgMCAgICgKEi9_cE6WODUjoXEn4cDsQlg6CR0SwaUbYAKAZgLAcgLAdoMEQoLEPCGlPvezJuo7AESAgEDqg0CVVPIDQHYEwzQFQH4FgGAFwGyGAUYAiIBAOgYAQ&sigh=BQT1J-br5HY&cid=CAQSTwDaQooLfXSvAwYlxgfF3yqRZiIN8qnU0U4GHr7Fzr9-FbUqS5kdmb0SE1rEIbLQQL1KdWEuTE1j7kOVhaJbWfbgvYNjwjytjCiN0OwplVI&label=window_focus&gqid=8hiQZvbpA_CTjuwP44esoA0&qqid=CPbyjoXEn4cDFWOGgwcdU1IHLg&fg=1 HTTP/1.1Host: googleads.g.doubleclick.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7659414764356284&output=html&h=280&slotname=4885406380&adk=3369854836&adf=3132389021&pi=t.ma~as.4885406380&w=930&abgtt=3&fwrn=4&fwrnh=100&lmt=1720153543&rafmt=1&format=930x280&url=https%3A%2F%2Fwww.burnaware.com%2Fafter-install.html&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE3LjAuNTkzOC4xMzIiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjExNy4wLjU5MzguMTMyIl0sWyJOb3Q7QT1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTE3LjAuNTkzOC4xMzIiXV0sMF0.&dt=1720719598792&bpp=4&bdt=2944&idt=1496&shv=r20240709&mjsv=m202407080101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&correlator=139266055133&frm=20&pv=2&ga_vid=2144220585.1720719599&ga_sid=1720719600&ga_hid=904098654&ga_fc=1&u_tz=-240&u_his=1&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&dmc=8&adx=44&ady=758&biw=1017&bih=870&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31085139%2C44795922%2C95334508%2C95334526%2C95334828%2C31078663%2C31078665%2C31078668%2C31078670&oid=2&pvsid=131469704701851&tmod=1184573214&uas=0&nvt=1&fc=896&brdim=10%2C10%2C10%2C10%2C1280%2C0%2C1050%2C964%2C1034%2C870&vis=2&rsz=%7C%7CeEr%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1.02&td=1&tdf=0&psd=W251bGwsbnVsbCxudWxsLDNd&nt=1&ifi=1&uci=a!1&fsb=1&dtd=1581Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: IDE=AHWqTUl_KDeCNIgPcabcAP4LjdzVVDepa
Source: global traffic	HTTP traffic detected: GET /pagead/interaction/?ai=Cu5J98hiQZvKbAquT1PIPs-uWgAHtxLb8eJCu5oqVE6idiedHEAEgp97AKmDJBqAB0v6XmQPIAQKoAwHIA8kEqgTPAU_QXiTzLwLGxXj59LNIeOIN1KbK3FLLM2_7j5f4vr9TOnAG46NIUNVSnnAFqFZphvLEBgBZzORhxvSdQp4mYlLJ0Ix9o6CZrfWTtTkgxgML1Dfc6fa-sCbJQDQynRaCSqFiyqnILgfHGJX-oCWBtObB7LneES7W0TEiFBtNcF8QSpQGu3JqJDUMoSpn7knoUgAC2wNR909edM-6ch6h1nzvyWabFu9kM4hR5yluMP49NP6ImwNONgUMUZsKbguTnLVuvLu2F9AS3b8G9hq7wMAEt4_u6q0EiAWL5NvKS6AGAoAHloHoZqgH2baxAqgH1ckbqAemvhuoB47OG6gHk9gbqAfulrECqAf-nrECqAevvrECqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB-C9sQKoB_-esQKoB9-fsQKoB8qpsQKoB-ulsQKoB-qxsQKoB5m1sQKoB763sQKoB_jCsQKoB_vCsQLYBwHSCCYIgOGAYBABGB8yAssCOgmAQIDAgICAoChIvf3BOljZt4yFxJ-HA7EJ5WIFqJlhtieACgGYCwHICwHaDBEKCxCwkd-Y7sW_oqEBEgIBA6oNAlVTyA0B2BMM0BUBmBYB-BYBgBcBshgJEgKwUxgCIgEA6BgB&sigh=h6IJ0EUoVko&cid=CAQSTwDaQooLmU4THGgNQW2rnbpPvCIcB7LJEGZ6utOyMZS9oIML7lIBifn8BAsW8IS0Z7aMU5O6n_duwdtpjoqAxldnEFaGNIPllzAuIJMGkLE&label=window_focus&gqid=8hiQZs7MAferjuwPt7ugmAE&qqid=CPLcjIXEn4cDFasJVQgds7UFEA&fg=1 HTTP/1.1Host: googleads.g.doubleclick.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7659414764356284&output=html&h=280&slotname=1141602494&adk=1033356805&adf=3132389021&pi=t.ma~as.1141602494&w=930&abgtt=3&fwrn=4&fwrnh=100&lmt=1720442382&rafmt=1&format=930x280&url=https%3A%2F%2Fwww.burnaware.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE3LjAuNTkzOC4xMzIiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjExNy4wLjU5MzguMTMyIl0sWyJOb3Q7QT1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTE3LjAuNTkzOC4xMzIiXV0sMF0.&dt=1720719598740&bpp=5&bdt=514&idt=1554&shv=r20240709&mjsv=m202407080101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&correlator=8080801241025&frm=20&pv=2&ga_vid=2144220585.1720719599&ga_sid=1720719600&ga_hid=1775643552&ga_fc=1&u_tz=-240&u_his=1&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&dmc=8&adx=44&ady=997&biw=1017&bih=870&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C95334511%2C95334525%2C95334578%2C95334828%2C95337195%2C31078663%2C31078665%2C31078668%2C31078670&oid=2&pvsid=4020171120520066&tmod=1184573214&uas=0&nvt=1&fc=896&brdim=10%2C10%2C10%2C10%2C1280%2C0%2C1050%2C964%2C1034%2C870&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1.02&td=1&tdf=0&psd=W251bGwsbnVsbCxudWxsLDNd&nt=1&ifi=1&uci=a!1&btvi=1&fsb=1&dtd=1583Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: IDE=AHWqTUl_KDeCNIgPcabcAP4LjdzVVDepa01pyB2qsWtC_zOcD9h7soQMcx9cqzFCK9w
Source: global traffic	HTTP traffic detected: GET /pagead/interaction/?ai=CP6Gn8hiQZvaxBOOMjuwP06Sd8AKgkpCceJbpje3KEsTChYOzQhABIKfewCpgyQagAcv48eYCyAECqAMByAPJBKoE5wFP0AvnF8je12xQ9XcDyGGAGMGaKBLst-6_m3CSwVD8UKF53xbETwktTg5VjDYfmMqPw-l5i_fHWtsmcLfYEYNxLHW0Nk2Vd5LguWIZrL4b0cxIx5kmBjooZdtmDvtBcxncwBAgexh_fiQHh3eOv3ScqPh2cPzvKhVVTd_2ElKYg9cAj-Ui-JVEGaVbxClqsmgHxtB1Z-z5hbMrqDWllcIhVjXI8hB3yVpx3wFkRua-ytGDDVsLiPEWfqJC1OFHajovxQQ0VcXSfYZwCUCxnjtkrSIYJbEmOdx-oe_y2HEbQNOGmLwpDmHABIyA167aBIgFxOXE1E6gBgKAB52HjpkBqAfZtrECqAfVyRuoB6a-G6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6--sQKoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH4L2xAqgH_56xAqgH35-xAqgHyqmxAqgH66WxAqgH6rGxAqgHmbWxAqgHvrexAqgH-MKxAqgH-8KxAtgHAdIIJgiA4YBgEAEYHzICywI6CYBAgMCAgICgKEi9_cE6WODUjoXEn4cDsQlg6CR0SwaUbYAKAZgLAcgLAdoMEQoLEPCGlPvezJuo7AESAgEDqg0CVVPIDQHYEwzQFQH4FgGAFwGyGAUYAiIBAOgYAQ&sigh=BQT1J-br5HY&cid=CAQSTwDaQooLfXSvAwYlxgfF3yqRZiIN8qnU0U4GHr7Fzr9-FbUqS5kdmb0SE1rEIbLQQL1KdWEuTE1j7kOVhaJbWfbgvYNjwjytjCiN0OwplVI&label=window_focus&gqid=8hiQZvbpA_CTjuwP44esoA0&qqid=CPbyjoXEn4cDFWOGgwcdU1IHLg&fg=1 HTTP/1.1Host: googleads.g.doubleclick.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: IDE=AHWqTUl_KDeCNIgPcabcAP4LjdzVVDepa01pyB2qsWtC_zOcD9h7soQMcx9cqzFCK9w; DSID=NO_DATA
Source: global traffic	HTTP traffic detected: GET /pagead/interaction/?ai=Cu5J98hiQZvKbAquT1PIPs-uWgAHtxLb8eJCu5oqVE6idiedHEAEgp97AKmDJBqAB0v6XmQPIAQKoAwHIA8kEqgTPAU_QXiTzLwLGxXj59LNIeOIN1KbK3FLLM2_7j5f4vr9TOnAG46NIUNVSnnAFqFZphvLEBgBZzORhxvSdQp4mYlLJ0Ix9o6CZrfWTtTkgxgML1Dfc6fa-sCbJQDQynRaCSqFiyqnILgfHGJX-oCWBtObB7LneES7W0TEiFBtNcF8QSpQGu3JqJDUMoSpn7knoUgAC2wNR909edM-6ch6h1nzvyWabFu9kM4hR5yluMP49NP6ImwNONgUMUZsKbguTnLVuvLu2F9AS3b8G9hq7wMAEt4_u6q0EiAWL5NvKS6AGAoAHloHoZqgH2baxAqgH1ckbqAemvhuoB47OG6gHk9gbqAfulrECqAf-nrECqAevvrECqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB-C9sQKoB_-esQKoB9-fsQKoB8qpsQKoB-ulsQKoB-qxsQKoB5m1sQKoB763sQKoB_jCsQKoB_vCsQLYBwHSCCYIgOGAYBABGB8yAssCOgmAQIDAgICAoChIvf3BOljZt4yFxJ-HA7EJ5WIFqJlhtieACgGYCwHICwHaDBEKCxCwkd-Y7sW_oqEBEgIBA6oNAlVTyA0B2BMM0BUBmBYB-BYBgBcBshgJEgKwUxgCIgEA6BgB&sigh=h6IJ0EUoVko&cid=CAQSTwDaQooLmU4THGgNQW2rnbpPvCIcB7LJEGZ6utOyMZS9oIML7lIBifn8BAsW8IS0Z7aMU5O6n_duwdtpjoqAxldnEFaGNIPllzAuIJMGkLE&label=window_focus&gqid=8hiQZs7MAferjuwPt7ugmAE&qqid=CPLcjIXEn4cDFasJVQgds7UFEA&fg=1 HTTP/1.1Host: googleads.g.doubleclick.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: IDE=AHWqTUl_KDeCNIgPcabcAP4LjdzVVDepa01pyB2qsWtC_zOcD9h7soQMcx9cqzFCK9w; DSID=NO_DATA
Source: global traffic	HTTP traffic detected: GET /update.ver HTTP/1.1User-Agent: WebDataHost: www.burnaware.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /after-install.html HTTP/1.1Host: www.burnaware.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: www.burnaware.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: flow.lavasoft.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: sos.adaware.com
Source: global traffic	DNS traffic detected: DNS query: www.burnaware.com
Source: global traffic	DNS traffic detected: DNS query: googleads.g.doubleclick.net

Source: unknown

HTTP traffic detected: POST /v1/event-stat/?ProductID=IS&Type=BundleInstallStart HTTP/1.1Content-Type: application/json;charset=utf-8Host: flow.lavasoft.comContent-Length: 848Connection: Keep-Alive

Source: SecuriteInfo.com.Program.Unwanted.2818.3154.4230.exe, 00000000.00000003.1694821993.0000000002390000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.2818.3154.4230.exe, 00000000.00000003.2227509146.00000000020FE000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp, 00000001.00000003.1697349895.0000000003350000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp, 00000001.00000003.2220170072.00000000022C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://counter-strike.com.ua/
Source: GenericSetup.exe, 00000008.00000002.2134239515.000000001E4C1000.00000004.00000020.00020000.00000000.sdmp, BurnAware.exe, 0000000B.00000002.2947677719.0000000000747000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
Source: GenericSetup.exe, 00000008.00000002.2134429600.000000001E501000.00000004.00000020.00020000.00000000.sdmp, BurnAware.exe, 0000000B.00000002.2947677719.0000000000747000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp, 00000001.00000002.2222632262.000000000018D000.00000004.00000010.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp, 00000001.00000003.2198523698.0000000005CB0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp, 00000001.00000003.2198523698.0000000005D3E000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.2818.3154.4230.exe, is-VCHUQ.tmp.1.dr, is-OPUI7.tmp.1.dr, BA002.exe.1.dr, is-Q20KD.tmp.1.dr, is-1NOV0.tmp.1.dr, is-A0FRI.tmp.1.dr, is-1CK0H.tmp.1.dr, is-IKG3F.tmp.1.dr	String found in binary or memory: http://crl.comodoca.com/COMODORSACertificationAuthority.crl0q
Source: SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp, 00000001.00000002.2222632262.000000000018D000.00000004.00000010.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp, 00000001.00000003.2198523698.0000000005CB0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp, 00000001.00000003.2198523698.0000000005D3E000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.2818.3154.4230.exe, is-VCHUQ.tmp.1.dr, is-OPUI7.tmp.1.dr, BA002.exe.1.dr, is-Q20KD.tmp.1.dr, is-1NOV0.tmp.1.dr, is-A0FRI.tmp.1.dr, is-1CK0H.tmp.1.dr, is-IKG3F.tmp.1.dr	String found in binary or memory: http://crl.comodoca.com/COMODORSACodeSigningCA.crl0t
Source: BA002.exe, 00000005.00000003.2047549521.000000000232A000.00000004.00000020.00020000.00000000.sdmp, BA002.exe, 00000005.00000003.2048015245.0000000000510000.00000004.00001000.00020000.00000000.sdmp, Microsoft.Win32.TaskScheduler.dll.5.dr, installer.exe.5.dr	String found in binary or memory: http://crl.globalsign.com/gs/gscodesigng3.crl0
Source: BA002.exe, 00000005.00000003.2047549521.000000000232A000.00000004.00000020.00020000.00000000.sdmp, BA002.exe, 00000005.00000003.2048015245.0000000000510000.00000004.00001000.00020000.00000000.sdmp, Microsoft.Win32.TaskScheduler.dll.5.dr, installer.exe.5.dr	String found in binary or memory: http://crl.globalsign.com/root.crl0Y
Source: BA002.exe, 00000005.00000003.2047549521.000000000232A000.00000004.00000020.00020000.00000000.sdmp, BA002.exe, 00000005.00000003.2048015245.0000000000510000.00000004.00001000.00020000.00000000.sdmp, Microsoft.Win32.TaskScheduler.dll.5.dr, installer.exe.5.dr	String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: GenericSetup.exe, 00000008.00000002.2125998644.0000000002F2E000.00000004.00000800.00020000.00000000.sdmp, GenericSetup.exe, 00000008.00000002.2125998644.0000000002FD8000.00000004.00000800.00020000.00000000.sdmp, GenericSetup.exe, 00000008.00000002.2125998644.00000000029A1000.00000004.00000800.00020000.00000000.sdmp, GenericSetup.exe, 00000008.00000002.2125998644.0000000002E7B000.00000004.00000800.00020000.00000000.sdmp, GenericSetup.exe, 00000008.00000002.2125998644.0000000002DEF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://flow.lavasoft.com
Source: installer.exe, 00000007.00000002.2136815111.0000000000793000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://flow.lavasoft.com/v1/event-stat?ProductID=IS&Type=StubBundleStart
Source: installer.exe, 00000007.00000003.2136407471.0000000000793000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000007.00000002.2136815111.0000000000793000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://flow.lavasoft.com/v1/event-stat?ProductID=IS&Type=StubBundleStart0
Source: installer.exe, 00000007.00000003.2136407471.0000000000793000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000007.00000002.2136815111.0000000000793000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://flow.lavasoft.com/v1/event-stat?ProductID=IS&Type=StubBundleStartl
Source: installer.exe, 00000007.00000002.2136815111.0000000000793000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://flow.lavasoft.com/v1/event-stat?ProductID=IS&Type=StubStart
Source: installer.exe, 00000007.00000003.2136407471.0000000000793000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000007.00000002.2136815111.0000000000793000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://flow.lavasoft.com/v1/event-stat?ProductID=IS&Type=StubStartdlllgzF
Source: SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp, 00000001.00000002.2222632262.000000000018D000.00000004.00000010.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp, 00000001.00000003.2198523698.0000000005CB0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp, 00000001.00000003.2198523698.0000000005D3E000.00000004.00001000.00020000.00000000.sdmp, GenericSetup.exe, 00000008.00000002.2134239515.000000001E4C1000.00000004.00000020.00020000.00000000.sdmp, BurnAware.exe, 0000000B.00000002.2947677719.0000000000747000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.2818.3154.4230.exe, is-VCHUQ.tmp.1.dr, is-OPUI7.tmp.1.dr, BA002.exe.1.dr, is-Q20KD.tmp.1.dr, is-1NOV0.tmp.1.dr, is-A0FRI.tmp.1.dr, is-1CK0H.tmp.1.dr, is-IKG3F.tmp.1.dr	String found in binary or memory: http://ocsp.comodoca.com0
Source: BA002.exe, 00000005.00000003.2047549521.000000000232A000.00000004.00000020.00020000.00000000.sdmp, BA002.exe, 00000005.00000003.2048015245.0000000000510000.00000004.00001000.00020000.00000000.sdmp, Microsoft.Win32.TaskScheduler.dll.5.dr, installer.exe.5.dr	String found in binary or memory: http://ocsp.globalsign.com/rootr103
Source: BA002.exe, 00000005.00000003.2047549521.000000000232A000.00000004.00000020.00020000.00000000.sdmp, BA002.exe, 00000005.00000003.2048015245.0000000000510000.00000004.00001000.00020000.00000000.sdmp, Microsoft.Win32.TaskScheduler.dll.5.dr, installer.exe.5.dr	String found in binary or memory: http://ocsp.thawte.com0
Source: BA002.exe, 00000005.00000003.2047549521.000000000232A000.00000004.00000020.00020000.00000000.sdmp, BA002.exe, 00000005.00000003.2048015245.0000000000510000.00000004.00001000.00020000.00000000.sdmp, Microsoft.Win32.TaskScheduler.dll.5.dr, installer.exe.5.dr	String found in binary or memory: http://ocsp2.globalsign.com/gscodesigng30V
Source: GenericSetup.exe, 00000008.00000002.2125998644.00000000029A1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: BA002.exe, 00000005.00000003.2047549521.000000000232A000.00000004.00000020.00020000.00000000.sdmp, BA002.exe, 00000005.00000003.2048015245.0000000000510000.00000004.00001000.00020000.00000000.sdmp, Microsoft.Win32.TaskScheduler.dll.5.dr, installer.exe.5.dr	String found in binary or memory: http://secure.globalsign.com/cacert/gscodesigng3ocsp.crt04
Source: GenericSetup.exe, 00000008.00000002.2125998644.0000000002C56000.00000004.00000800.00020000.00000000.sdmp, GenericSetup.exe, 00000008.00000002.2125998644.0000000002B29000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://sos.adaware.com
Source: BA002.exe, 00000005.00000003.2047549521.000000000232A000.00000004.00000020.00020000.00000000.sdmp, BA002.exe, 00000005.00000003.2048015245.0000000000510000.00000004.00001000.00020000.00000000.sdmp, Microsoft.Win32.TaskScheduler.dll.5.dr, installer.exe.5.dr	String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: BA002.exe, 00000005.00000003.2047549521.000000000232A000.00000004.00000020.00020000.00000000.sdmp, BA002.exe, 00000005.00000003.2048015245.0000000000510000.00000004.00001000.00020000.00000000.sdmp, Microsoft.Win32.TaskScheduler.dll.5.dr, installer.exe.5.dr	String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: BA002.exe, 00000005.00000003.2047549521.000000000232A000.00000004.00000020.00020000.00000000.sdmp, BA002.exe, 00000005.00000003.2048015245.0000000000510000.00000004.00001000.00020000.00000000.sdmp, Microsoft.Win32.TaskScheduler.dll.5.dr, installer.exe.5.dr	String found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: BA002.exe, 00000005.00000003.2047549521.000000000232A000.00000004.00000020.00020000.00000000.sdmp, GenericSetup.exe, 00000008.00000002.2131497606.000000001AF32000.00000002.00000001.01000000.00000011.sdmp	String found in binary or memory: http://webcompanion.com/privacy
Source: BA002.exe, 00000005.00000003.2047549521.000000000232A000.00000004.00000020.00020000.00000000.sdmp, BA002.exe, 00000005.00000003.2048015245.0000000000510000.00000004.00001000.00020000.00000000.sdmp, GenericSetup.exe, 00000008.00000002.2133721314.000000001D1E2000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: http://webcompanion.com/terms?http://webcompanion.com/privacyOOptional
Source: GenericSetup.exe, 00000008.00000002.2132951372.000000001CE02000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp, 00000001.00000003.2220170072.00000000023CD000.00000004.00001000.00020000.00000000.sdmp, BurnAware.exe, 0000000B.00000002.2947677719.0000000000747000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.burnaware.com
Source: BurnAware.exe, 0000000B.00000002.2947677719.0000000000747000.00000004.00000020.00020000.00000000.sdmp, BurnAware.exe, 0000000B.00000002.2947677719.00000000006F0000.00000004.00000020.00020000.00000000.sdmp, BurnAware.exe, 0000000B.00000002.2952066249.0000000005DE0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.burnaware.com/
Source: BurnAware.exe, 0000000B.00000002.2947677719.0000000000747000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.burnaware.com/(
Source: SecuriteInfo.com.Program.Unwanted.2818.3154.4230.exe, 00000000.00000003.2227509146.00000000021DD000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp, 00000001.00000003.2220170072.00000000023CD000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.burnaware.com/)
Source: BurnAware.exe, 0000000B.00000002.2947677719.00000000006F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.burnaware.com//
Source: BurnAware.exe, 0000000B.00000002.2947677719.0000000000747000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.burnaware.com/0
Source: SecuriteInfo.com.Program.Unwanted.2818.3154.4230.exe, 00000000.00000003.1694821993.0000000002390000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp, 00000001.00000003.1697349895.0000000003350000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.burnaware.com/2http://www.burnaware.com/2http://www.burnaware.com/&
Source: SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp, 00000001.00000003.2220170072.00000000023CD000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.burnaware.com/9
Source: BurnAware.exe, 0000000B.00000002.2947677719.0000000000747000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.burnaware.com/:
Source: BurnAware.exe, 0000000B.00000002.2947677719.00000000006F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.burnaware.com/G
Source: SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp, 00000001.00000002.2226325034.0000000003950000.00000004.00000020.00020000.00000000.sdmp, unins000.dat.1.dr	String found in binary or memory: http://www.burnaware.com/after-install.html
Source: SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp, 00000001.00000002.2224481624.0000000000722000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp, 00000001.00000003.2209327170.0000000000712000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.burnaware.com/after-install.html5
Source: SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp, 00000001.00000002.2226325034.0000000003950000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.burnaware.com/after-install.html9
Source: SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp, 00000001.00000003.2209327170.0000000000712000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.burnaware.com/after-install.htmlI
Source: SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp, 00000001.00000003.2209327170.0000000000712000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.burnaware.com/after-install.htmlY
Source: SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp, 00000001.00000002.2226325034.0000000003950000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.burnaware.com/after-install.htmli
Source: SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp, 00000001.00000003.2222141403.00000000006B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.burnaware.com/after-install.htmlwsINetCookiesr
Source: BurnAware.exe, 0000000B.00000002.2947677719.00000000006F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.burnaware.com/o
Source: BurnAware.exe, 0000000B.00000002.2947677719.0000000000724000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.burnaware.com/om4c
Source: BurnAware.exe, 0000000B.00000002.2947677719.0000000000747000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.burnaware.com/p
Source: BurnAware.exe, 0000000B.00000002.2947677719.00000000006F0000.00000004.00000020.00020000.00000000.sdmp, BurnAware.exe, 0000000B.00000002.2948929869.000000000231D000.00000004.00001000.00020000.00000000.sdmp, BurnAware.exe, 0000000B.00000002.2947677719.0000000000724000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.burnaware.com/update.ver
Source: BurnAware.exe, 0000000B.00000000.2192261237.0000000000416000.00000020.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.burnaware.com/update.verU
Source: BurnAware.exe, 0000000B.00000002.2947677719.0000000000724000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.burnaware.com/update.verbh
Source: SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp, 00000001.00000002.2222632262.000000000018D000.00000004.00000010.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp, 00000001.00000003.2198523698.0000000005CB0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp, 00000001.00000003.2198523698.0000000005D3E000.00000004.00001000.00020000.00000000.sdmp, is-OPUI7.tmp.1.dr	String found in binary or memory: http://www.burnaware.comD
Source: BurnAware.exe, 0000000B.00000000.2193055027.0000000000524000.00000002.00000001.01000000.00000013.sdmp, is-Q20KD.tmp.1.dr, is-1NOV0.tmp.1.dr, is-A0FRI.tmp.1.dr, is-IKG3F.tmp.1.dr	String found in binary or memory: http://www.burnaware.comDVarFileInfo$
Source: BurnAware.exe, 0000000B.00000000.2192261237.0000000000416000.00000020.00000001.01000000.00000013.sdmp, is-Q20KD.tmp.1.dr, is-1NOV0.tmp.1.dr, is-A0FRI.tmp.1.dr, is-IKG3F.tmp.1.dr	String found in binary or memory: http://www.burnaware.comopenU
Source: GenericSetup.exe, 00000008.00000002.2132951372.000000001CE02000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.carterandcone.coml
Source: SecuriteInfo.com.Program.Unwanted.2818.3154.4230.exe, 00000000.00000003.1694821993.0000000002390000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.2818.3154.4230.exe, 00000000.00000003.2227509146.00000000020FE000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp, 00000001.00000003.1697349895.0000000003350000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp, 00000001.00000003.2220170072.00000000022C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.dk-soft.org/
Source: GenericSetup.exe, 00000008.00000002.2132951372.000000001CE02000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com
Source: GenericSetup.exe, 00000008.00000002.2132951372.000000001CE02000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers
Source: GenericSetup.exe, 00000008.00000002.2132951372.000000001CE02000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/?
Source: GenericSetup.exe, 00000008.00000002.2132951372.000000001CE02000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
Source: GenericSetup.exe, 00000008.00000002.2132951372.000000001CE02000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
Source: GenericSetup.exe, 00000008.00000002.2132951372.000000001CE02000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers8
Source: GenericSetup.exe, 00000008.00000002.2132951372.000000001CE02000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers?
Source: GenericSetup.exe, 00000008.00000002.2132951372.000000001CE02000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designersG
Source: GenericSetup.exe, 00000008.00000002.2132951372.000000001CE02000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fonts.com
Source: GenericSetup.exe, 00000008.00000002.2132951372.000000001CE02000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn
Source: GenericSetup.exe, 00000008.00000002.2132951372.000000001CE02000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/bThe
Source: GenericSetup.exe, 00000008.00000002.2132951372.000000001CE02000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/cThe
Source: GenericSetup.exe, 00000008.00000002.2132951372.000000001CE02000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.galapagosdesign.com/DPlease
Source: GenericSetup.exe, 00000008.00000002.2132951372.000000001CE02000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
Source: GenericSetup.exe, 00000008.00000002.2132951372.000000001CE02000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.goodfont.co.kr
Source: SecuriteInfo.com.Program.Unwanted.2818.3154.4230.exe, 00000000.00000003.1695398736.00000000024D0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.2818.3154.4230.exe, 00000000.00000003.1695703188.000000007FD10000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp, 00000001.00000000.1696423053.0000000000401000.00000020.00000001.01000000.00000004.sdmp, SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp.0.dr	String found in binary or memory: http://www.innosetup.com/
Source: GenericSetup.exe, 00000008.00000002.2132951372.000000001CE02000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/
Source: SecuriteInfo.com.Program.Unwanted.2818.3154.4230.exe	String found in binary or memory: http://www.jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
Source: is-1CK0H.tmp.1.dr	String found in binary or memory: http://www.mp3dev.org/
Source: is-1CK0H.tmp.1.dr	String found in binary or memory: http://www.mp3dev.org/0.89LAME3.93
Source: SecuriteInfo.com.Program.Unwanted.2818.3154.4230.exe, 00000000.00000003.1694821993.0000000002390000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.2818.3154.4230.exe, 00000000.00000003.2227509146.00000000020FE000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp, 00000001.00000003.1697349895.0000000003350000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp, 00000001.00000003.2220170072.00000000022C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.palkornel.hu/innosetup%1
Source: SecuriteInfo.com.Program.Unwanted.2818.3154.4230.exe, 00000000.00000003.1695398736.00000000024D0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.2818.3154.4230.exe, 00000000.00000003.1695703188.000000007FD10000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp, 00000001.00000000.1696423053.0000000000401000.00000020.00000001.01000000.00000004.sdmp, SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp.0.dr	String found in binary or memory: http://www.remobjects.com/ps
Source: GenericSetup.exe, 00000008.00000002.2132951372.000000001CE02000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sajatypeworks.com
Source: GenericSetup.exe, 00000008.00000002.2132951372.000000001CE02000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sakkal.com
Source: GenericSetup.exe, 00000008.00000002.2132951372.000000001CE02000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sandoll.co.kr
Source: GenericSetup.exe, 00000008.00000002.2132951372.000000001CE02000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.tiro.com
Source: GenericSetup.exe, 00000008.00000002.2132951372.000000001CE02000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.typography.netD
Source: GenericSetup.exe, 00000008.00000002.2132951372.000000001CE02000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.urwpp.deDPlease
Source: BA002.exe, 00000005.00000003.2047549521.000000000232A000.00000004.00000020.00020000.00000000.sdmp, GenericSetup.exe, 00000008.00000002.2131497606.000000001AF32000.00000002.00000001.01000000.00000011.sdmp	String found in binary or memory: http://www.webcompanion.com/:http://webcompanion.com/terms
Source: GenericSetup.exe, 00000008.00000002.2132951372.000000001CE02000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.zhongyicts.com.cn
Source: chromecache_152.13.dr	String found in binary or memory: https://ampcid.google.com/v1/publisher:getClientId
Source: BA002.exe, 00000005.00000003.2047549521.000000000232A000.00000004.00000020.00020000.00000000.sdmp, installer.exe, installer.exe, 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmp, installer.exe, 00000007.00000000.2048496235.0000000000EA0000.00000002.00000001.01000000.00000009.sdmp, installer.exe.5.dr	String found in binary or memory: https://curl.haxx.se/docs/http-cookies.html
Source: installer.exe	String found in binary or memory: https://curl.haxx.se/docs/http-cookies.html#
Source: BurnAware Free.log.8.dr	String found in binary or memory: https://flow.lavasoft.com
Source: GenericSetup.exe, 00000008.00000002.2125998644.0000000002FD8000.00000004.00000800.00020000.00000000.sdmp, GenericSetup.exe, 00000008.00000002.2125998644.0000000002E7B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://flow.lavasoft.com/v1/event-stat/?Product
Source: GenericSetup.exe, 00000008.00000002.2125998644.0000000002EA9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=BundleInstallComplete
Source: GenericSetup.exe, 00000008.00000002.2125998644.00000000029A1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=BundleInstallStart
Source: GenericSetup.exe, 00000008.00000002.2125998644.0000000002DEF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=BundleProposedOff
Source: GenericSetup.exe, 00000008.00000002.2125998644.0000000002DEF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=BundleProposedOffersIsEmpty
Source: GenericSetup.exe, 00000008.00000002.2125998644.0000000002E7B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=PageShown
Source: GenericSetup.exe, 00000008.00000002.2125998644.0000000002FD8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=ProfileDebug
Source: chromecache_173.13.dr	String found in binary or memory: https://pagead2.googlesyndication.com
Source: chromecache_135.13.dr	String found in binary or memory: https://pagead2.googlesyndication.com/pagead/gen_204?id=fccs&
Source: chromecache_175.13.dr	String found in binary or memory: https://pagead2.googlesyndication.com/pagead/sodar?
Source: GenericSetup.exe, 00000008.00000002.2125998644.00000000029A1000.00000004.00000800.00020000.00000000.sdmp, GenericSetup.exe, 00000008.00000002.2125012451.0000000000830000.00000004.00000020.00020000.00000000.sdmp, GenericSetup.exe, 00000008.00000002.2125012451.000000000083C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sos.adaware.com
Source: GenericSetup.exe, 00000008.00000002.2125998644.0000000002C56000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://sos.adaware.com/v1/bundle/list/?bundleId=BA002
Source: chromecache_152.13.dr	String found in binary or memory: https://stats.g.doubleclick.net/j/collect
Source: chromecache_152.13.dr	String found in binary or memory: https://tagassistant.google.com/
Source: BA002.exe, 00000005.00000003.2047549521.000000000232A000.00000004.00000020.00020000.00000000.sdmp, BA002.exe, 00000005.00000003.2048015245.0000000000510000.00000004.00001000.00020000.00000000.sdmp, Microsoft.Win32.TaskScheduler.dll.5.dr	String found in binary or memory: https://taskscheduler.codeplex.com/
Source: BA002.exe, 00000005.00000003.2047549521.000000000232A000.00000004.00000020.00020000.00000000.sdmp, BA002.exe, 00000005.00000003.2048015245.0000000000510000.00000004.00001000.00020000.00000000.sdmp, Microsoft.Win32.TaskScheduler.dll.5.dr	String found in binary or memory: https://taskscheduler.codeplex.com/F
Source: BurnAware.exe, 0000000B.00000002.2947677719.0000000000724000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.burnaware.com/
Source: BurnAware.exe, 0000000B.00000002.2947677719.0000000000724000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.burnaware.com/;aT
Source: BurnAware.exe, 0000000B.00000002.2947677719.00000000006F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.burnaware.com/update.ver#
Source: BurnAware.exe, 0000000B.00000002.2947677719.00000000006F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.burnaware.com/update.verf
Source: BA002.exe, 00000005.00000003.2047549521.000000000232A000.00000004.00000020.00020000.00000000.sdmp, BA002.exe, 00000005.00000003.2048015245.0000000000510000.00000004.00001000.00020000.00000000.sdmp, Microsoft.Win32.TaskScheduler.dll.5.dr, installer.exe.5.dr	String found in binary or memory: https://www.globalsign.com/repository/0
Source: chromecache_152.13.dr	String found in binary or memory: https://www.google-analytics.com/debug/bootstrap?id=
Source: chromecache_152.13.dr	String found in binary or memory: https://www.google-analytics.com/gtm/js?id=
Source: chromecache_152.13.dr	String found in binary or memory: https://www.google.%/ads/ga-audiences
Source: chromecache_152.13.dr	String found in binary or memory: https://www.google.com/ads/ga-audiences
Source: chromecache_152.13.dr	String found in binary or memory: https://www.googletagmanager.com/gtag/js?id=

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49862
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49861
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49853
Source: unknown	Network traffic detected: HTTP traffic on port 49866 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49852
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49861 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49847
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 49869 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 49844 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49870 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49856 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49853 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 49867 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49871 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 49868 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 49862 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 49848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50047 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49843 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49871
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49870
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50047
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49832 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 49846 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49869
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49868
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49867
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49866

Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.4:49734 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49750 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49752 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 173.222.162.32:443 -> 192.168.2.4:49753 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 46.21.150.242:443 -> 192.168.2.4:49755 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.4:49809 version: TLS 1.2

System Summary

PE file has nameless sections

Source: is-RN2GJ.tmp.1.dr	Static PE information: section name:
Source: is-RN2GJ.tmp.1.dr	Static PE information: section name:
Source: is-VP913.tmp.1.dr	Static PE information: section name:
Source: is-VP913.tmp.1.dr	Static PE information: section name:
Source: is-OI7KV.tmp.1.dr	Static PE information: section name:
Source: is-OI7KV.tmp.1.dr	Static PE information: section name:
Source: is-TTUUJ.tmp.1.dr	Static PE information: section name:
Source: is-TTUUJ.tmp.1.dr	Static PE information: section name:
Source: is-GHIDU.tmp.1.dr	Static PE information: section name:
Source: is-GHIDU.tmp.1.dr	Static PE information: section name:

Source: C:\Users\user\AppData\Local\Temp\is-6NC9Q.tmp\BA002.exe	Code function: 5_2_00416076	5_2_00416076
Source: C:\Users\user\AppData\Local\Temp\is-6NC9Q.tmp\BA002.exe	Code function: 5_2_0040E38E	5_2_0040E38E
Source: C:\Users\user\AppData\Local\Temp\is-6NC9Q.tmp\BA002.exe	Code function: 5_2_00412480	5_2_00412480
Source: C:\Users\user\AppData\Local\Temp\is-6NC9Q.tmp\BA002.exe	Code function: 5_2_004039C8	5_2_004039C8
Source: C:\Users\user\AppData\Local\Temp\is-6NC9Q.tmp\BA002.exe	Code function: 5_2_00418CC1	5_2_00418CC1
Source: C:\Users\user\AppData\Local\Temp\is-6NC9Q.tmp\BA002.exe	Code function: 5_2_00418D9B	5_2_00418D9B
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\installer.exe	Code function: 7_2_00DB1010	7_2_00DB1010
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\installer.exe	Code function: 7_2_00DBC880	7_2_00DBC880
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\installer.exe	Code function: 7_2_00D99D50	7_2_00D99D50
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\installer.exe	Code function: 7_2_00DBFE30	7_2_00DBFE30
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\installer.exe	Code function: 7_2_00DDA0C0	7_2_00DDA0C0
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\installer.exe	Code function: 7_2_00DD90A0	7_2_00DD90A0
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\installer.exe	Code function: 7_2_00E51020	7_2_00E51020
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\installer.exe	Code function: 7_2_00E60010	7_2_00E60010
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\installer.exe	Code function: 7_2_00E6B1C1	7_2_00E6B1C1
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\installer.exe	Code function: 7_2_00E6B3F0	7_2_00E6B3F0
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\installer.exe	Code function: 7_2_00E616B7	7_2_00E616B7
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\installer.exe	Code function: 7_2_00E027C0	7_2_00E027C0
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\installer.exe	Code function: 7_2_00DC77E0	7_2_00DC77E0
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\installer.exe	Code function: 7_2_00E72AB0	7_2_00E72AB0
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\installer.exe	Code function: 7_2_00E52A90	7_2_00E52A90
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\installer.exe	Code function: 7_2_00DD9B20	7_2_00DD9B20
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\installer.exe	Code function: 7_2_00E63D4F	7_2_00E63D4F
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\installer.exe	Code function: 7_2_00E7BD24	7_2_00E7BD24
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\installer.exe	Code function: 7_2_00E6AF92	7_2_00E6AF92
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Code function: 8_2_00007FFD9B881459	8_2_00007FFD9B881459
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Code function: 8_2_00007FFD9B88DAE5	8_2_00007FFD9B88DAE5
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Code function: 8_2_00007FFD9B89B33A	8_2_00007FFD9B89B33A
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Code function: 8_2_00007FFD9B89981C	8_2_00007FFD9B89981C
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Code function: 8_2_00007FFD9B896760	8_2_00007FFD9B896760
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Code function: 8_2_00007FFD9B89F604	8_2_00007FFD9B89F604
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Code function: 8_2_00007FFD9B89B39A	8_2_00007FFD9B89B39A
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Code function: 8_2_00007FFD9B88CBA6	8_2_00007FFD9B88CBA6
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Code function: 8_2_00007FFD9B880CF0	8_2_00007FFD9B880CF0

Source: C:\Users\user\AppData\Local\Temp\is-6NC9Q.tmp\BA002.exe	Code function: String function: 00413724 appears 176 times
Source: C:\Users\user\AppData\Local\Temp\is-6NC9Q.tmp\BA002.exe	Code function: String function: 00403A63 appears 33 times
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\installer.exe	Code function: String function: 00DC7F80 appears 31 times
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\installer.exe	Code function: String function: 00DE2328 appears 34 times
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\installer.exe	Code function: String function: 00DFC2B0 appears 35 times
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\installer.exe	Code function: String function: 00DE2308 appears 85 times
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\installer.exe	Code function: String function: 00D811B0 appears 60 times
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\installer.exe	Code function: String function: 00DBD340 appears 106 times
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\installer.exe	Code function: String function: 00DBD3E0 appears 124 times
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\installer.exe	Code function: String function: 00DC7520 appears 36 times
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\installer.exe	Code function: String function: 00D79F40 appears 38 times

Source: SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp.0.dr	Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp.0.dr	Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Source: is-6A35E.tmp.1.dr	Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: is-6A35E.tmp.1.dr	Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows

Source: SecuriteInfo.com.Program.Unwanted.2818.3154.4230.exe, 00000000.00000003.1695398736.00000000025F9000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameshfolder.dll~/ vs SecuriteInfo.com.Program.Unwanted.2818.3154.4230.exe
Source: SecuriteInfo.com.Program.Unwanted.2818.3154.4230.exe, 00000000.00000003.1695703188.000000007FE35000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameshfolder.dll~/ vs SecuriteInfo.com.Program.Unwanted.2818.3154.4230.exe

Source: SecuriteInfo.com.Program.Unwanted.2818.3154.4230.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI

Source: is-RN2GJ.tmp.1.dr	Static PE information: Section: ZLIB complexity 0.9989476697198276
Source: is-TTUUJ.tmp.1.dr	Static PE information: Section: ZLIB complexity 0.9936018318965517
Source: is-GHIDU.tmp.1.dr	Static PE information: Section: ZLIB complexity 0.993896484375

Source: Microsoft.Win32.TaskScheduler.dll.5.dr, ITaskFolder.cs	Task registration methods: 'RegisterTaskDefinition', 'RegisterTask'
Source: Microsoft.Win32.TaskScheduler.dll.5.dr, TaskFolder.cs	Task registration methods: 'RegisterTaskDefinition', 'RegisterTask', 'CreateFolder'
Source: Microsoft.Win32.TaskScheduler.dll.5.dr, Task.cs	Task registration methods: 'RegisterChanges', 'CreateTask'

Source: Microsoft.Win32.TaskScheduler.dll.5.dr, Task.cs	Security API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)
Source: Microsoft.Win32.TaskScheduler.dll.5.dr, TaskSecurity.cs	Security API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
Source: Microsoft.Win32.TaskScheduler.dll.5.dr, TaskSecurity.cs	Security API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
Source: Microsoft.Win32.TaskScheduler.dll.5.dr, TaskFolder.cs	Security API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
Source: Microsoft.Win32.TaskScheduler.dll.5.dr, TaskPrincipal.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: Microsoft.Win32.TaskScheduler.dll.5.dr, User.cs	Security API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)

Source: classification engine

Classification label: mal44.troj.evad.winEXE@38/178@26/10

Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\installer.exe

Code function: 7_2_00DC9850 GetLastError,_strncpy,FormatMessageA,___swprintf_l,_strrchr,_strrchr,GetLastError,SetLastError,

7_2_00DC9850

Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\installer.exe

Code function: 7_2_00D772E0 CoCreateInstance,CoSetProxyBlanket,

7_2_00D772E0

Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp

File created: C:\Program Files (x86)\BurnAware Free

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp

File created: C:\Users\user\AppData\Local\Programs

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Mutant created: \Sessions\1\BaseNamedObjects\GenericSetupBurnAware Free
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Mutant created: NULL
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\installer.exe	Mutant created: \Sessions\1\BaseNamedObjects\GenericSetupInstaller_BA002

Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.exe

File created: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp

Jump to behavior

Source: Yara match

File source: C:\Program Files (x86)\BurnAware Free\is-RELFJ.tmp, type: DROPPED

Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Program Files (x86)\BurnAware Free\BurnAware.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Program Files (x86)\BurnAware Free\BurnAware.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\installer.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\installer.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor

Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp

File read: C:\Program Files (x86)\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp

Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganization

Jump to behavior

Source: SecuriteInfo.com.Program.Unwanted.2818.3154.4230.exe

ReversingLabs: Detection: 13%

Source: SecuriteInfo.com.Program.Unwanted.2818.3154.4230.exe

String found in binary or memory: /LOADINF="filename"

Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.exe

File read: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.exe "C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.exe	Process created: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp "C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp" /SL5="$20422,8156847,189952,C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.exe"
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Process created: C:\Users\user\AppData\Local\Temp\is-6NC9Q.tmp\BA002.exe "C:\Users\user\AppData\Local\Temp\is-6NC9Q.tmp\BA002.exe"
Source: C:\Users\user\AppData\Local\Temp\is-6NC9Q.tmp\BA002.exe	Process created: C:\Users\user\AppData\Local\Temp\7zSC67062FB\installer.exe .\installer.exe
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\installer.exe	Process created: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Process created: C:\Program Files (x86)\BurnAware Free\BurnAware.exe "C:\Program Files (x86)\BurnAware Free\BurnAware.exe"
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://www.burnaware.com/after-install.html
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=1964,i,5267843284858548281,2508834487575541351,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files (x86)\BurnAware Free\BurnAware.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://www.burnaware.com/
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 --field-trial-handle=1984,i,11324425676366746094,4243451825565655753,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.exe	Process created: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp "C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp" /SL5="$20422,8156847,189952,C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Process created: C:\Users\user\AppData\Local\Temp\is-6NC9Q.tmp\BA002.exe "C:\Users\user\AppData\Local\Temp\is-6NC9Q.tmp\BA002.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Process created: C:\Program Files (x86)\BurnAware Free\BurnAware.exe "C:\Program Files (x86)\BurnAware Free\BurnAware.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://www.burnaware.com/after-install.html	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-6NC9Q.tmp\BA002.exe	Process created: C:\Users\user\AppData\Local\Temp\7zSC67062FB\installer.exe .\installer.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\installer.exe	Process created: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Jump to behavior
Source: C:\Program Files (x86)\BurnAware Free\BurnAware.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://www.burnaware.com/	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=1964,i,5267843284858548281,2508834487575541351,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 --field-trial-handle=1984,i,11324425676366746094,4243451825565655753,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Section loaded: msftedit.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Section loaded: windows.globalization.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Section loaded: bcp47mrm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Section loaded: globinputhost.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Section loaded: windows.ui.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Section loaded: windowmanagementapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Section loaded: inputhost.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Section loaded: explorerframe.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Section loaded: sfc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Section loaded: linkinfo.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Section loaded: ntshrui.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Section loaded: windows.shell.servicehostbuilder.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Section loaded: mlang.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-6NC9Q.tmp\BA002.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\installer.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\installer.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\installer.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\installer.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\installer.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\installer.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\installer.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\installer.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\installer.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\installer.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\installer.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\installer.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\installer.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\installer.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\installer.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Program Files (x86)\BurnAware Free\BurnAware.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Program Files (x86)\BurnAware Free\BurnAware.exe	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Program Files (x86)\BurnAware Free\BurnAware.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Program Files (x86)\BurnAware Free\BurnAware.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Program Files (x86)\BurnAware Free\BurnAware.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Program Files (x86)\BurnAware Free\BurnAware.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Program Files (x86)\BurnAware Free\BurnAware.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Program Files (x86)\BurnAware Free\BurnAware.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Program Files (x86)\BurnAware Free\BurnAware.exe	Section loaded: mscms.dll	Jump to behavior
Source: C:\Program Files (x86)\BurnAware Free\BurnAware.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Program Files (x86)\BurnAware Free\BurnAware.exe	Section loaded: coloradapterclient.dll	Jump to behavior
Source: C:\Program Files (x86)\BurnAware Free\BurnAware.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Program Files (x86)\BurnAware Free\BurnAware.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Program Files (x86)\BurnAware Free\BurnAware.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Program Files (x86)\BurnAware Free\BurnAware.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Program Files (x86)\BurnAware Free\BurnAware.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Program Files (x86)\BurnAware Free\BurnAware.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Program Files (x86)\BurnAware Free\BurnAware.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Program Files (x86)\BurnAware Free\BurnAware.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Program Files (x86)\BurnAware Free\BurnAware.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Program Files (x86)\BurnAware Free\BurnAware.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Program Files (x86)\BurnAware Free\BurnAware.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Program Files (x86)\BurnAware Free\BurnAware.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Program Files (x86)\BurnAware Free\BurnAware.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Program Files (x86)\BurnAware Free\BurnAware.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Program Files (x86)\BurnAware Free\BurnAware.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Program Files (x86)\BurnAware Free\BurnAware.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Program Files (x86)\BurnAware Free\BurnAware.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Program Files (x86)\BurnAware Free\BurnAware.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Program Files (x86)\BurnAware Free\BurnAware.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Program Files (x86)\BurnAware Free\BurnAware.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Program Files (x86)\BurnAware Free\BurnAware.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Program Files (x86)\BurnAware Free\BurnAware.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Program Files (x86)\BurnAware Free\BurnAware.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Program Files (x86)\BurnAware Free\BurnAware.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Program Files (x86)\BurnAware Free\BurnAware.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Program Files (x86)\BurnAware Free\BurnAware.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Program Files (x86)\BurnAware Free\BurnAware.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Program Files (x86)\BurnAware Free\BurnAware.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Program Files (x86)\BurnAware Free\BurnAware.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Program Files (x86)\BurnAware Free\BurnAware.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Program Files (x86)\BurnAware Free\BurnAware.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Program Files (x86)\BurnAware Free\BurnAware.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Program Files (x86)\BurnAware Free\BurnAware.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Program Files (x86)\BurnAware Free\BurnAware.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Program Files (x86)\BurnAware Free\BurnAware.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Program Files (x86)\BurnAware Free\BurnAware.exe	Section loaded: windows.shell.servicehostbuilder.dll	Jump to behavior
Source: C:\Program Files (x86)\BurnAware Free\BurnAware.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Program Files (x86)\BurnAware Free\BurnAware.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Program Files (x86)\BurnAware Free\BurnAware.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Program Files (x86)\BurnAware Free\BurnAware.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Program Files (x86)\BurnAware Free\BurnAware.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Program Files (x86)\BurnAware Free\BurnAware.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Program Files (x86)\BurnAware Free\BurnAware.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Program Files (x86)\BurnAware Free\BurnAware.exe	Section loaded: mlang.dll	Jump to behavior
Source: C:\Program Files (x86)\BurnAware Free\BurnAware.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Program Files (x86)\BurnAware Free\BurnAware.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Program Files (x86)\BurnAware Free\BurnAware.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32

Jump to behavior

Source: BurnAware Free.lnk.1.dr	LNK file: ..\..\..\..\..\..\Program Files (x86)\BurnAware Free\BurnAware.exe
Source: Help.lnk.1.dr	LNK file: ..\..\..\..\..\..\Program Files (x86)\BurnAware Free\burnaware.chm
Source: Uninstall BurnAware Free.lnk.1.dr	LNK file: ..\..\..\..\..\..\Program Files (x86)\BurnAware Free\unins000.exe
Source: BurnAware Free.lnk0.1.dr	LNK file: ..\..\..\Program Files (x86)\BurnAware Free\BurnAware.exe

Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp

Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwner

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp

Window found: window name: TSelectLanguageForm

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Automated click: OK
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Automated click: Install
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Automated click: I accept the agreement

Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp

File opened: C:\Windows\SysWOW64\MSFTEDIT.DLL

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: SecuriteInfo.com.Program.Unwanted.2818.3154.4230.exe

Static PE information: certificate valid

Source: SecuriteInfo.com.Program.Unwanted.2818.3154.4230.exe

Static file information: File size 8728608 > 1048576

Source: SecuriteInfo.com.Program.Unwanted.2818.3154.4230.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source:	Binary string: E:\Installer\Source\InstallerStealth\DevLib\obj\Release\DevLib.pdb source: BA002.exe, 00000005.00000003.2047549521.000000000232A000.00000004.00000020.00020000.00000000.sdmp, GenericSetup.exe, 00000008.00000002.2131497606.000000001AF32000.00000002.00000001.01000000.00000011.sdmp
Source:	Binary string: C:\Users\dahall\Documents\Visual Studio 2010\Projects\TaskService\obj\Release\Microsoft.Win32.TaskScheduler.pdb source: BA002.exe, 00000005.00000003.2047549521.000000000232A000.00000004.00000020.00020000.00000000.sdmp, BA002.exe, 00000005.00000003.2048015245.0000000000510000.00000004.00001000.00020000.00000000.sdmp, Microsoft.Win32.TaskScheduler.dll.5.dr
Source:	Binary string: E:\Installer\Source\InstallerStealth\WizardPages\obj\Release\WizardPages.pdb source: BA002.exe, 00000005.00000003.2047549521.000000000232A000.00000004.00000020.00020000.00000000.sdmp, BA002.exe, 00000005.00000003.2048015245.0000000000510000.00000004.00001000.00020000.00000000.sdmp, GenericSetup.exe, 00000008.00000002.2133721314.000000001D1E2000.00000002.00000001.01000000.00000012.sdmp
Source:	Binary string: E:\Installer\Build\installer.pdb source: BA002.exe, 00000005.00000003.2047549521.000000000232A000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmp, installer.exe, 00000007.00000000.2048496235.0000000000EA0000.00000002.00000001.01000000.00000009.sdmp, installer.exe.5.dr
Source:	Binary string: E:\Installer\Source\InstallerStealth\OfferInstaller\obj\Release\OfferInstaller.pdb source: BA002.exe, 00000005.00000003.2047549521.000000000232A000.00000004.00000020.00020000.00000000.sdmp

Data Obfuscation

.NET source code contains potential unpacker

Source: Microsoft.Win32.TaskScheduler.dll.5.dr, ReflectionHelper.cs	.Net Code: InvokeMethod
Source: Microsoft.Win32.TaskScheduler.dll.5.dr, ReflectionHelper.cs	.Net Code: InvokeMethod
Source: Microsoft.Win32.TaskScheduler.dll.5.dr, XmlSerializationHelper.cs	.Net Code: ReadObjectProperties

Source: C:\Users\user\AppData\Local\Temp\is-6NC9Q.tmp\BA002.exe

Code function: 5_2_004180F0 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

5_2_004180F0

Source: initial sample

Static PE information: section where entry point is pointing to: petite

Source: BA002.exe.1.dr	Static PE information: section name: .sxdata
Source: is-IKG3F.tmp.1.dr	Static PE information: section name: .didata
Source: is-H5TJJ.tmp.1.dr	Static PE information: section name: .didata
Source: is-E51LB.tmp.1.dr	Static PE information: section name: .didata
Source: is-Q20KD.tmp.1.dr	Static PE information: section name: .didata
Source: is-1NOV0.tmp.1.dr	Static PE information: section name: .didata
Source: is-5KE08.tmp.1.dr	Static PE information: section name: .didata
Source: is-O783M.tmp.1.dr	Static PE information: section name: .didata
Source: is-IS776.tmp.1.dr	Static PE information: section name: .didata
Source: is-VHPJS.tmp.1.dr	Static PE information: section name: .didata
Source: is-A0FRI.tmp.1.dr	Static PE information: section name: .didata
Source: is-Q109T.tmp.1.dr	Static PE information: section name: .didata
Source: is-S8AB8.tmp.1.dr	Static PE information: section name: .didata
Source: is-RN2GJ.tmp.1.dr	Static PE information: section name:
Source: is-RN2GJ.tmp.1.dr	Static PE information: section name:
Source: is-RN2GJ.tmp.1.dr	Static PE information: section name: petite
Source: is-VP913.tmp.1.dr	Static PE information: section name:
Source: is-VP913.tmp.1.dr	Static PE information: section name:
Source: is-VP913.tmp.1.dr	Static PE information: section name: petite
Source: is-OI7KV.tmp.1.dr	Static PE information: section name:
Source: is-OI7KV.tmp.1.dr	Static PE information: section name:
Source: is-OI7KV.tmp.1.dr	Static PE information: section name: petite
Source: is-TTUUJ.tmp.1.dr	Static PE information: section name:
Source: is-TTUUJ.tmp.1.dr	Static PE information: section name:
Source: is-TTUUJ.tmp.1.dr	Static PE information: section name: petite
Source: is-GHIDU.tmp.1.dr	Static PE information: section name:
Source: is-GHIDU.tmp.1.dr	Static PE information: section name:
Source: is-GHIDU.tmp.1.dr	Static PE information: section name: petite
Source: is-RELFJ.tmp.1.dr	Static PE information: section name: .didata
Source: is-OPUI7.tmp.1.dr	Static PE information: section name: .didata

Source: C:\Users\user\AppData\Local\Temp\is-6NC9Q.tmp\BA002.exe	Code function: 5_2_00411130 push ecx; mov dword ptr [esp], ecx	5_2_00411131
Source: C:\Users\user\AppData\Local\Temp\is-6NC9Q.tmp\BA002.exe	Code function: 5_2_00413724 push eax; ret	5_2_00413742
Source: C:\Users\user\AppData\Local\Temp\is-6NC9Q.tmp\BA002.exe	Code function: 5_2_00413A90 push eax; ret	5_2_00413ABE
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\installer.exe	Code function: 7_2_00DFC2F6 push ecx; ret	7_2_00DFC309
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\installer.exe	Code function: 7_2_00DFBD43 push ecx; ret	7_2_00DFBD56
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Code function: 8_2_00007FFD9B89073E push ecx; iretd	8_2_00007FFD9B8907EC
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Code function: 8_2_00007FFD9B894B35 push ebx; iretd	8_2_00007FFD9B894BEA
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Code function: 8_2_00007FFD9B880A6D push eax; retf	8_2_00007FFD9B880A79
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Code function: 8_2_00007FFD9B898AC6 pushfd ; ret	8_2_00007FFD9B898AC9

Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	File created: C:\Users\user\AppData\Local\Temp\is-6NC9Q.tmp\_isetup\_setup64.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	File created: C:\Program Files (x86)\BurnAware Free\DiscInfo.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	File created: C:\Program Files (x86)\BurnAware Free\bass.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	File created: C:\Program Files (x86)\BurnAware Free\is-H5TJJ.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	File created: C:\Program Files (x86)\BurnAware Free\is-1CK0H.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	File created: C:\Program Files (x86)\BurnAware Free\is-O783M.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	File created: C:\Program Files (x86)\BurnAware Free\is-OI7KV.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	File created: C:\Program Files (x86)\BurnAware Free\bamedenclib.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	File created: C:\Program Files (x86)\BurnAware Free\is-IKG3F.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	File created: C:\Program Files (x86)\BurnAware Free\EraseDisc.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	File created: C:\Program Files (x86)\BurnAware Free\is-TTUUJ.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	File created: C:\Program Files (x86)\BurnAware Free\is-7GQL9.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	File created: C:\Program Files (x86)\BurnAware Free\UnpackISO.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-6NC9Q.tmp\BA002.exe	File created: C:\Users\user\AppData\Local\Temp\7zSC67062FB\en\DevLib.resources.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-6NC9Q.tmp\BA002.exe	File created: C:\Users\user\AppData\Local\Temp\7zSC67062FB\de\DevLib.resources.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	File created: C:\Program Files (x86)\BurnAware Free\VerifyDisc.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	File created: C:\Program Files (x86)\BurnAware Free\bassenc.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	File created: C:\Program Files (x86)\BurnAware Free\bashell64.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	File created: C:\Program Files (x86)\BurnAware Free\is-BHLQP.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	File created: C:\Program Files (x86)\BurnAware Free\bamainlib.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	File created: C:\Program Files (x86)\BurnAware Free\is-5KE08.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	File created: C:\Program Files (x86)\BurnAware Free\is-VCHUQ.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	File created: C:\Program Files (x86)\BurnAware Free\is-GHIDU.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-6NC9Q.tmp\BA002.exe	File created: C:\Users\user\AppData\Local\Temp\7zSC67062FB\es\DevLib.resources.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	File created: C:\Program Files (x86)\BurnAware Free\SpanDisc.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-6NC9Q.tmp\BA002.exe	File created: C:\Users\user\AppData\Local\Temp\7zSC67062FB\OfferInstaller.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	File created: C:\Program Files (x86)\BurnAware Free\is-E51LB.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	File created: C:\Program Files (x86)\BurnAware Free\is-6A35E.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.exe	File created: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-6NC9Q.tmp\BA002.exe	File created: C:\Users\user\AppData\Local\Temp\7zSC67062FB\DevLib.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-6NC9Q.tmp\BA002.exe	File created: C:\Users\user\AppData\Local\Temp\7zSC67062FB\installer.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	File created: C:\Program Files (x86)\BurnAware Free\baplayer.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	File created: C:\Program Files (x86)\BurnAware Free\is-IS776.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	File created: C:\Program Files (x86)\BurnAware Free\BurnImage.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	File created: C:\Program Files (x86)\BurnAware Free\is-Q109T.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	File created: C:\Program Files (x86)\BurnAware Free\AudioCD.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	File created: C:\Program Files (x86)\BurnAware Free\is-A0FRI.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	File created: C:\Program Files (x86)\BurnAware Free\bashell32.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	File created: C:\Program Files (x86)\BurnAware Free\is-VHPJS.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	File created: C:\Program Files (x86)\BurnAware Free\MakeISO.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	File created: C:\Program Files (x86)\BurnAware Free\MediaDisc.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	File created: C:\Program Files (x86)\BurnAware Free\CopyImage.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	File created: C:\Program Files (x86)\BurnAware Free\is-OPUI7.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	File created: C:\Program Files (x86)\BurnAware Free\is-VP913.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	File created: C:\Program Files (x86)\BurnAware Free\is-MNMMR.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-6NC9Q.tmp\BA002.exe	File created: C:\Users\user\AppData\Local\Temp\7zSC67062FB\WizardPages.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	File created: C:\Program Files (x86)\BurnAware Free\DataDisc.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	File created: C:\Program Files (x86)\BurnAware Free\is-RN2GJ.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	File created: C:\Users\user\AppData\Local\Temp\is-6NC9Q.tmp\BA002.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	File created: C:\Program Files (x86)\BurnAware Free\tags.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-6NC9Q.tmp\BA002.exe	File created: C:\Users\user\AppData\Local\Temp\7zSC67062FB\Microsoft.Win32.TaskScheduler.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-6NC9Q.tmp\BA002.exe	File created: C:\Users\user\AppData\Local\Temp\7zSC67062FB\fr\DevLib.resources.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	File created: C:\Program Files (x86)\BurnAware Free\unins000.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-6NC9Q.tmp\BA002.exe	File created: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	File created: C:\Program Files (x86)\BurnAware Free\is-S8AB8.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	File created: C:\Program Files (x86)\BurnAware Free\is-RELFJ.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	File created: C:\Program Files (x86)\BurnAware Free\is-Q20KD.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	File created: C:\Program Files (x86)\BurnAware Free\bawmalib.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	File created: C:\Program Files (x86)\BurnAware Free\badecx.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	File created: C:\Program Files (x86)\BurnAware Free\is-1NOV0.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	File created: C:\Program Files (x86)\BurnAware Free\bassflac.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	File created: C:\Program Files (x86)\BurnAware Free\basswma.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	File created: C:\Program Files (x86)\BurnAware Free\BurnAware.exe (copy)	Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\installer.exe	File created: C:\Users\user\AppData\Local\Temp\7zSC67062FB\2024.07.11_13.39.36.896275_installer_pid=1228.txt			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\GenericSetup.exe.log			Jump to behavior

Boot Survival

Installs Task Scheduler Managed Wrapper

Source: C:\Users\user\AppData\Local\Temp\is-6NC9Q.tmp\BA002.exe

File created: C:\Users\user\AppData\Local\Temp\7zSC67062FB\Microsoft.Win32.TaskScheduler.dll

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BurnAware Free	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BurnAware Free\BurnAware Free.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BurnAware Free\Help.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BurnAware Free\BurnAware Free on the Web.url	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BurnAware Free\Uninstall BurnAware Free.lnk	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\installer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\BurnAware Free\BurnAware.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\BurnAware Free\BurnAware.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\installer.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\installer.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\installer.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\installer.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_DiskDrive
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_DiskDrive
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_DiskDrive
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_DiskDrive

Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)

Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\installer.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_NetworkAdapterConfiguration WHERE IPEnabled=True
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\installer.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\installer.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_VideoController

Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Memory allocated: B80000 memory reserve \| memory write watch			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Memory allocated: 1A9A0000 memory reserve \| memory write watch			Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Thread delayed: delay time: 600000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Thread delayed: delay time: 599890	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Thread delayed: delay time: 599781	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Thread delayed: delay time: 599671	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Thread delayed: delay time: 599562	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Thread delayed: delay time: 599453	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Thread delayed: delay time: 599343	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Thread delayed: delay time: 599234	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Thread delayed: delay time: 599125	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Thread delayed: delay time: 599015	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Thread delayed: delay time: 598906	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Thread delayed: delay time: 598796	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Thread delayed: delay time: 598687	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Thread delayed: delay time: 598578	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Thread delayed: delay time: 598465	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Thread delayed: delay time: 598359	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Thread delayed: delay time: 598250	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Thread delayed: delay time: 598136	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Thread delayed: delay time: 598017	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Thread delayed: delay time: 597844	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Thread delayed: delay time: 597734	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Thread delayed: delay time: 597624	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Thread delayed: delay time: 597515	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Thread delayed: delay time: 597406	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Thread delayed: delay time: 597290	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Window / User API: threadDelayed 2872			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Window / User API: threadDelayed 6955			Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-6NC9Q.tmp\_isetup\_setup64.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\BurnAware Free\DiscInfo.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\BurnAware Free\bass.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\BurnAware Free\is-H5TJJ.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\BurnAware Free\bamedenclib.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\BurnAware Free\is-OI7KV.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\BurnAware Free\is-O783M.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\BurnAware Free\is-1CK0H.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\BurnAware Free\is-IKG3F.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\BurnAware Free\EraseDisc.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\BurnAware Free\is-TTUUJ.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\BurnAware Free\is-7GQL9.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\BurnAware Free\UnpackISO.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-6NC9Q.tmp\BA002.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zSC67062FB\en\DevLib.resources.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-6NC9Q.tmp\BA002.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zSC67062FB\de\DevLib.resources.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\BurnAware Free\bassenc.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\BurnAware Free\VerifyDisc.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\BurnAware Free\bashell64.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\BurnAware Free\is-BHLQP.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\BurnAware Free\bamainlib.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\BurnAware Free\is-5KE08.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\BurnAware Free\is-VCHUQ.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\BurnAware Free\is-GHIDU.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-6NC9Q.tmp\BA002.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zSC67062FB\es\DevLib.resources.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\BurnAware Free\SpanDisc.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-6NC9Q.tmp\BA002.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zSC67062FB\OfferInstaller.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\BurnAware Free\is-E51LB.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\BurnAware Free\is-6A35E.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-6NC9Q.tmp\BA002.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zSC67062FB\DevLib.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\BurnAware Free\baplayer.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\BurnAware Free\is-IS776.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\BurnAware Free\BurnImage.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\BurnAware Free\is-Q109T.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\BurnAware Free\AudioCD.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\BurnAware Free\is-A0FRI.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\BurnAware Free\MakeISO.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\BurnAware Free\MediaDisc.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\BurnAware Free\CopyImage.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\BurnAware Free\is-OPUI7.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\BurnAware Free\is-VP913.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\BurnAware Free\is-MNMMR.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-6NC9Q.tmp\BA002.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zSC67062FB\WizardPages.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\BurnAware Free\DataDisc.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\BurnAware Free\is-RN2GJ.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\BurnAware Free\tags.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-6NC9Q.tmp\BA002.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zSC67062FB\Microsoft.Win32.TaskScheduler.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-6NC9Q.tmp\BA002.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zSC67062FB\fr\DevLib.resources.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\BurnAware Free\unins000.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\BurnAware Free\is-S8AB8.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\BurnAware Free\is-RELFJ.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\BurnAware Free\is-Q20KD.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\BurnAware Free\bawmalib.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\BurnAware Free\badecx.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\BurnAware Free\is-1NOV0.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\BurnAware Free\bassflac.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\BurnAware Free\basswma.dll (copy)	Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe TID: 5964	Thread sleep time: -17524406870024063s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe TID: 5964	Thread sleep time: -600000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe TID: 5964	Thread sleep time: -599890s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe TID: 5964	Thread sleep time: -599781s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe TID: 5964	Thread sleep time: -599671s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe TID: 5964	Thread sleep time: -599562s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe TID: 5964	Thread sleep time: -599453s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe TID: 5964	Thread sleep time: -599343s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe TID: 5964	Thread sleep time: -599234s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe TID: 5964	Thread sleep time: -599125s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe TID: 5964	Thread sleep time: -599015s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe TID: 5964	Thread sleep time: -598906s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe TID: 5964	Thread sleep time: -598796s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe TID: 5964	Thread sleep time: -598687s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe TID: 5964	Thread sleep time: -598578s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe TID: 5964	Thread sleep time: -598465s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe TID: 5964	Thread sleep time: -598359s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe TID: 5964	Thread sleep time: -598250s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe TID: 5964	Thread sleep time: -598136s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe TID: 5964	Thread sleep time: -598017s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe TID: 5964	Thread sleep time: -597844s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe TID: 5964	Thread sleep time: -597734s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe TID: 5964	Thread sleep time: -597624s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe TID: 5964	Thread sleep time: -597515s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe TID: 5964	Thread sleep time: -597406s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe TID: 5964	Thread sleep time: -597290s >= -30000s	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\08070809	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\04070809	Jump to behavior
Source: C:\Program Files (x86)\BurnAware Free\BurnAware.exe	Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\08070809	Jump to behavior
Source: C:\Program Files (x86)\BurnAware Free\BurnAware.exe	Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\04070809	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\installer.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BaseBoard
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\installer.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BaseBoard
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\installer.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BaseBoard
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\installer.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BaseBoard
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\installer.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\installer.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\installer.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\installer.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\installer.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\installer.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BIOS
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BIOS
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BIOS
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BIOS
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BIOS
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BIOS
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard

Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\installer.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\installer.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor

Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\installer.exe

File Volume queried: C:\Users\user\AppData\Local\Temp\7zSC67062FB FullSizeInformation

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-6NC9Q.tmp\BA002.exe

Code function: 5_2_00405434 FindFirstFileA,FindFirstFileW,

5_2_00405434

Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\installer.exe

Code function: 7_2_00DAE920 GetVersionExW,GetModuleHandleW,GetProcAddress,GetNativeSystemInfo,GetSystemInfo,GetModuleHandleW,GetProcAddress,GetSystemMetrics,

7_2_00DAE920

Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Thread delayed: delay time: 600000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Thread delayed: delay time: 599890	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Thread delayed: delay time: 599781	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Thread delayed: delay time: 599671	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Thread delayed: delay time: 599562	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Thread delayed: delay time: 599453	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Thread delayed: delay time: 599343	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Thread delayed: delay time: 599234	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Thread delayed: delay time: 599125	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Thread delayed: delay time: 599015	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Thread delayed: delay time: 598906	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Thread delayed: delay time: 598796	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Thread delayed: delay time: 598687	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Thread delayed: delay time: 598578	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Thread delayed: delay time: 598465	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Thread delayed: delay time: 598359	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Thread delayed: delay time: 598250	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Thread delayed: delay time: 598136	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Thread delayed: delay time: 598017	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Thread delayed: delay time: 597844	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Thread delayed: delay time: 597734	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Thread delayed: delay time: 597624	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Thread delayed: delay time: 597515	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Thread delayed: delay time: 597406	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Thread delayed: delay time: 597290	Jump to behavior

Source: BurnAware.exe, 0000000B.00000002.2947677719.0000000000747000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWen-GBn\|
Source: BurnAware.exe, 0000000B.00000002.2947677719.0000000000747000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: BurnAware.exe, 0000000B.00000002.2947677719.00000000006F0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWh
Source: SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp, 00000001.00000003.2222141403.000000000068C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}iu
Source: installer.exe, 00000007.00000003.2136407471.0000000000793000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000007.00000002.2136815111.0000000000793000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: GenericSetup.exe, 00000008.00000002.2131741081.000000001B290000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllt.exeH

Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\installer.exe

Code function: 7_2_00E69047 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

7_2_00E69047

Source: C:\Users\user\AppData\Local\Temp\is-6NC9Q.tmp\BA002.exe

Code function: 5_2_004180F0 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

5_2_004180F0

Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\installer.exe

Code function: 7_2_00E79701 mov eax, dword ptr fs:[00000030h]

7_2_00E79701

Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\installer.exe

Code function: 7_2_00D73EA0 GetProcessHeap,HeapFree,

7_2_00D73EA0

Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe

Process token adjusted: Debug

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-6NC9Q.tmp\BA002.exe	Code function: 5_2_0041561A SetUnhandledExceptionFilter,	5_2_0041561A
Source: C:\Users\user\AppData\Local\Temp\is-6NC9Q.tmp\BA002.exe	Code function: 5_2_0041562C SetUnhandledExceptionFilter,	5_2_0041562C
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\installer.exe	Code function: 7_2_00E69047 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	7_2_00E69047
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\installer.exe	Code function: 7_2_00DFB5EA SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	7_2_00DFB5EA

Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe

Memory allocated: page read and write | page guard

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://www.burnaware.com/after-install.html			Jump to behavior
Source: C:\Program Files (x86)\BurnAware Free\BurnAware.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://www.burnaware.com/			Jump to behavior

Source: SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp, 00000001.00000003.2198523698.0000000005D3E000.00000004.00001000.00020000.00000000.sdmp, BA002.exe, 00000005.00000003.2047549521.000000000232A000.00000004.00000020.00020000.00000000.sdmp, GenericSetup.exe, 00000008.00000002.2131497606.000000001AF32000.00000002.00000001.01000000.00000011.sdmp	Binary or memory string: Shell_TrayWnd
Source: SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp, 00000001.00000003.2198523698.0000000005D3E000.00000004.00001000.00020000.00000000.sdmp, is-OPUI7.tmp.1.dr	Binary or memory string: Progman
Source: SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp, 00000001.00000003.2198523698.0000000005CB0000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: ProgmanU
Source: SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp, 00000001.00000003.2198523698.0000000005CB0000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: Shell_TrayWndU

Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\installer.exe

Code function: 7_2_00DFBF48 cpuid

7_2_00DFBF48

Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\installer.exe	Code function: GetLocaleInfoEx,GetLocaleInfoW,	7_2_00DF59F0
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\installer.exe	Code function: ___crtGetLocaleInfoEx,	7_2_00DF5BA6
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\installer.exe	Code function: GetLocaleInfoW,	7_2_00E82AD8

Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\installer.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\7zSC67062FB VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\installer.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\7zSC67062FB VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\7zSC67062FB\DevLib.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\taile.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\DUBAI-REGULAR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\DUBAI-MEDIUM.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\OFFSYML.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\7zSC67062FB\WizardPages.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	Queries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\installer.exe

Code function: 7_2_00D87720 GetSystemTimeAsFileTime,__aulldiv,__aulldiv,

7_2_00D87720

Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\installer.exe

Code function: 7_2_00E81B5D _free,_free,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,_free,

7_2_00E81B5D

Source: C:\Users\user\AppData\Local\Temp\is-6NC9Q.tmp\BA002.exe

Code function: 5_2_004148D4 EntryPoint,GetVersion,GetCommandLineA,GetStartupInfoA,GetModuleHandleA,

5_2_004148D4

Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected Petite Virus

Source: Yara match	File source: C:\Program Files (x86)\BurnAware Free\is-TTUUJ.tmp, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\BurnAware Free\is-VP913.tmp, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\BurnAware Free\is-GHIDU.tmp, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\BurnAware Free\is-OI7KV.tmp, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\BurnAware Free\is-RN2GJ.tmp, type: DROPPED

Remote Access Functionality

Yara detected Petite Virus

Source: Yara match	File source: C:\Program Files (x86)\BurnAware Free\is-TTUUJ.tmp, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\BurnAware Free\is-VP913.tmp, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\BurnAware Free\is-GHIDU.tmp, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\BurnAware Free\is-OI7KV.tmp, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\BurnAware Free\is-RN2GJ.tmp, type: DROPPED

Source: C:\Users\user\AppData\Local\Temp\7zSC67062FB\installer.exe

Code function: 7_2_00DBE690 htons,htons,bind,htons,bind,getsockname,WSAGetLastError,WSAGetLastError,

7_2_00DBE690

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	321 Windows Management Instrumentation	1 DLL Side-Loading	1 DLL Side-Loading	1 Disable or Modify Tools	OS Credential Dumping	2 System Time Discovery	Remote Services	1 Archive Collected Data	2 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 Native API	11 Scheduled Task/Job	12 Process Injection	1 Deobfuscate/Decode Files or Information	LSASS Memory	2 File and Directory Discovery	Remote Desktop Protocol	Data from Removable Media	21 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	2 Command and Scripting Interpreter	1 Registry Run Keys / Startup Folder	11 Scheduled Task/Job	2 Obfuscated Files or Information	Security Account Manager	157 System Information Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	11 Scheduled Task/Job	Login Hook	1 Registry Run Keys / Startup Folder	11 Software Packing	NTDS	331 Security Software Discovery	Distributed Component Object Model	Input Capture	4 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 DLL Side-Loading	LSA Secrets	2 Process Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	2 Masquerading	Cached Domain Credentials	341 Virtualization/Sandbox Evasion	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	341 Virtualization/Sandbox Evasion	DCSync	1 Application Window Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	12 Process Injection	Proc Filesystem	2 System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
SecuriteInfo.com.Program.Unwanted.2818.3154.4230.exe	13%	ReversingLabs	Win32.PUA.ICBundler

Dropped Files

Source	Detection	Scanner
C:\Program Files (x86)\BurnAware Free\AudioCD.exe (copy)	2%	ReversingLabs
C:\Program Files (x86)\BurnAware Free\BurnAware.exe (copy)	0%	ReversingLabs
C:\Program Files (x86)\BurnAware Free\BurnImage.exe (copy)	2%	ReversingLabs
C:\Program Files (x86)\BurnAware Free\CopyImage.exe (copy)	2%	ReversingLabs
C:\Program Files (x86)\BurnAware Free\DataDisc.exe (copy)	2%	ReversingLabs
C:\Program Files (x86)\BurnAware Free\DiscInfo.exe (copy)	0%	ReversingLabs
C:\Program Files (x86)\BurnAware Free\EraseDisc.exe (copy)	0%	ReversingLabs
C:\Program Files (x86)\BurnAware Free\MakeISO.exe (copy)	2%	ReversingLabs
C:\Program Files (x86)\BurnAware Free\MediaDisc.exe (copy)	2%	ReversingLabs
C:\Program Files (x86)\BurnAware Free\SpanDisc.exe (copy)	2%	ReversingLabs
C:\Program Files (x86)\BurnAware Free\UnpackISO.exe (copy)	2%	ReversingLabs
C:\Program Files (x86)\BurnAware Free\VerifyDisc.exe (copy)	0%	ReversingLabs
C:\Program Files (x86)\BurnAware Free\badecx.dll (copy)	2%	ReversingLabs
C:\Program Files (x86)\BurnAware Free\bamainlib.dll (copy)	0%	ReversingLabs
C:\Program Files (x86)\BurnAware Free\bamedenclib.dll (copy)	4%	ReversingLabs
C:\Program Files (x86)\BurnAware Free\baplayer.dll (copy)	0%	ReversingLabs
C:\Program Files (x86)\BurnAware Free\bashell32.dll (copy)	2%	ReversingLabs
C:\Program Files (x86)\BurnAware Free\bashell64.dll (copy)	3%	ReversingLabs
C:\Program Files (x86)\BurnAware Free\bass.dll (copy)	3%	ReversingLabs
C:\Program Files (x86)\BurnAware Free\bassenc.dll (copy)	2%	ReversingLabs
C:\Program Files (x86)\BurnAware Free\bassflac.dll (copy)	3%	ReversingLabs
C:\Program Files (x86)\BurnAware Free\basswma.dll (copy)	3%	ReversingLabs
C:\Program Files (x86)\BurnAware Free\bawmalib.dll (copy)	0%	ReversingLabs
C:\Program Files (x86)\BurnAware Free\is-1CK0H.tmp	0%	ReversingLabs
C:\Program Files (x86)\BurnAware Free\is-1NOV0.tmp	0%	ReversingLabs
C:\Program Files (x86)\BurnAware Free\is-5KE08.tmp	0%	ReversingLabs
C:\Program Files (x86)\BurnAware Free\is-6A35E.tmp	4%	ReversingLabs
C:\Program Files (x86)\BurnAware Free\is-7GQL9.tmp	0%	ReversingLabs
C:\Program Files (x86)\BurnAware Free\is-A0FRI.tmp	0%	ReversingLabs
C:\Program Files (x86)\BurnAware Free\is-BHLQP.tmp	4%	ReversingLabs
C:\Program Files (x86)\BurnAware Free\is-E51LB.tmp	2%	ReversingLabs
C:\Program Files (x86)\BurnAware Free\is-GHIDU.tmp	0%	ReversingLabs
C:\Program Files (x86)\BurnAware Free\is-H5TJJ.tmp	2%	ReversingLabs
C:\Program Files (x86)\BurnAware Free\is-IKG3F.tmp	2%	ReversingLabs
C:\Program Files (x86)\BurnAware Free\is-IS776.tmp	2%	ReversingLabs
C:\Program Files (x86)\BurnAware Free\is-MNMMR.tmp	0%	ReversingLabs
C:\Program Files (x86)\BurnAware Free\is-O783M.tmp	2%	ReversingLabs
C:\Program Files (x86)\BurnAware Free\is-OI7KV.tmp	3%	ReversingLabs
C:\Program Files (x86)\BurnAware Free\is-OPUI7.tmp	3%	ReversingLabs
C:\Program Files (x86)\BurnAware Free\is-Q109T.tmp	2%	ReversingLabs
C:\Program Files (x86)\BurnAware Free\is-Q20KD.tmp	2%	ReversingLabs
C:\Program Files (x86)\BurnAware Free\is-RELFJ.tmp	2%	ReversingLabs
C:\Program Files (x86)\BurnAware Free\is-RN2GJ.tmp	3%	ReversingLabs
C:\Program Files (x86)\BurnAware Free\is-S8AB8.tmp	2%	ReversingLabs
C:\Program Files (x86)\BurnAware Free\is-TTUUJ.tmp	3%	ReversingLabs
C:\Program Files (x86)\BurnAware Free\is-VCHUQ.tmp	2%	ReversingLabs
C:\Program Files (x86)\BurnAware Free\is-VHPJS.tmp	0%	ReversingLabs
C:\Program Files (x86)\BurnAware Free\is-VP913.tmp	2%	ReversingLabs
C:\Program Files (x86)\BurnAware Free\tags.dll (copy)	0%	ReversingLabs
C:\Program Files (x86)\BurnAware Free\unins000.exe (copy)	4%	ReversingLabs
C:\Users\user\AppData\Local\Temp\7zSC67062FB\DevLib.dll	5%	ReversingLabs
C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe	2%	ReversingLabs
C:\Users\user\AppData\Local\Temp\7zSC67062FB\Microsoft.Win32.TaskScheduler.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\7zSC67062FB\OfferInstaller.exe	3%	ReversingLabs
C:\Users\user\AppData\Local\Temp\7zSC67062FB\WizardPages.dll	5%	ReversingLabs
C:\Users\user\AppData\Local\Temp\7zSC67062FB\de\DevLib.resources.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\7zSC67062FB\en\DevLib.resources.dll	2%	ReversingLabs
C:\Users\user\AppData\Local\Temp\7zSC67062FB\es\DevLib.resources.dll	2%	ReversingLabs

Source	Detection	Scanner	Label
http://www.fontbureau.com/designers	0%	URL Reputation	safe
https://ampcid.google.com/v1/publisher:getClientId	0%	URL Reputation	safe
http://www.sajatypeworks.com	0%	URL Reputation	safe
http://www.founder.com.cn/cn/cThe	0%	URL Reputation	safe
http://www.galapagosdesign.com/DPlease	0%	URL Reputation	safe
https://stats.g.doubleclick.net/j/collect	0%	URL Reputation	safe
http://www.urwpp.deDPlease	0%	URL Reputation	safe
http://www.zhongyicts.com.cn	0%	URL Reputation	safe
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	0%	URL Reputation	safe
http://www.innosetup.com/	0%	URL Reputation	safe
http://www.carterandcone.coml	0%	URL Reputation	safe
http://www.fontbureau.com/designers/frere-user.html	0%	URL Reputation	safe
http://www.fontbureau.com/designersG	0%	URL Reputation	safe
http://www.fontbureau.com/designers/?	0%	URL Reputation	safe
http://www.founder.com.cn/cn/bThe	0%	URL Reputation	safe
http://www.fontbureau.com/designers?	0%	URL Reputation	safe
https://googleads.g.doubleclick.net/pagead/interaction/?ai=CP6Gn8hiQZvaxBOOMjuwP06Sd8AKgkpCceJbpje3KEsTChYOzQhABIKfewCpgyQagAcv48eYCyAECqAMByAPJBKoE5wFP0AvnF8je12xQ9XcDyGGAGMGaKBLst-6_m3CSwVD8UKF53xbETwktTg5VjDYfmMqPw-l5i_fHWtsmcLfYEYNxLHW0Nk2Vd5LguWIZrL4b0cxIx5kmBjooZdtmDvtBcxncwBAgexh_fiQHh3eOv3ScqPh2cPzvKhVVTd_2ElKYg9cAj-Ui-JVEGaVbxClqsmgHxtB1Z-z5hbMrqDWllcIhVjXI8hB3yVpx3wFkRua-ytGDDVsLiPEWfqJC1OFHajovxQQ0VcXSfYZwCUCxnjtkrSIYJbEmOdx-oe_y2HEbQNOGmLwpDmHABIyA167aBIgFxOXE1E6gBgKAB52HjpkBqAfZtrECqAfVyRuoB6a-G6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6--sQKoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH4L2xAqgH_56xAqgH35-xAqgHyqmxAqgH66WxAqgH6rGxAqgHmbWxAqgHvrexAqgH-MKxAqgH-8KxAtgHAdIIJgiA4YBgEAEYHzICywI6CYBAgMCAgICgKEi9_cE6WODUjoXEn4cDsQlg6CR0SwaUbYAKAZgLAcgLAdoMEQoLEPCGlPvezJuo7AESAgEDqg0CVVPIDQHYEwzQFQH4FgGAFwGyGAUYAiIBAOgYAQ&sigh=BQT1J-br5HY&cid=CAQSTwDaQooLfXSvAwYlxgfF3yqRZiIN8qnU0U4GHr7Fzr9-FbUqS5kdmb0SE1rEIbLQQL1KdWEuTE1j7kOVhaJbWfbgvYNjwjytjCiN0OwplVI&label=window_focus&gqid=8hiQZvbpA_CTjuwP44esoA0&qqid=CPbyjoXEn4cDFWOGgwcdU1IHLg&bgload=1	0%	Avira URL Cloud	safe
http://www.mp3dev.org/0.89LAME3.93	0%	Avira URL Cloud	safe
http://www.tiro.com	0%	URL Reputation	safe
http://www.goodfont.co.kr	0%	URL Reputation	safe
http://www.burnaware.com/after-install.htmlI	0%	Avira URL Cloud	safe
https://googleads.g.doubleclick.net/pagead/adview?ai=CMU2X8hiQZvKbAquT1PIPs-uWgAHtxLb8eJCu5oqVE6idiedHEAEgp97AKmDJBqAB0v6XmQPIAQKoAwHIA8kEqgTMAU_QXiTzLwLGxXj59LNIeOIN1KbK3FLLM2_7j5f4vr9TOnAG46NIUNVSnnAFqFZphvLEBgBZzORhxvSdQp4mYlLJ0Ix9o6CZrfWTtTkgxgML1Dfc6fa-sCbJQDQynRaCSqFiyqnILgfHGJX-oCWBtObB7LneES7W0TEiFBtNcF8QSpQGu3JqJDUMoSpn7knoUgAC2wNR909edM-6ch6h1nzvyWabFu8mManDMJHDRU-QHVpEs6eqGSwG35AkdoIZSJ3KUhqUO8jHQApzR8AEt4_u6q0EiAWL5NvKS5IFBAgEGAGSBQQIBRgEoAYCgAeWgehmqAfZtrECqAfVyRuoB6a-G6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6--sQKoB_fCsQLYBwHyBwUQ9-LwBdIIJgiA4YBgEAEYHzICywI6CYBAgMCAgICgKEi9_cE6WNm3jIXEn4cDmglQaHR0cHM6Ly9wY2FwcC5zdG9yZS8_YXA9YWR3JmFzPWdfZF93aXRob3V0X3NvZnR3YXJlX2luJmRtW2Fkc109bmV3X3N0YXRpY19zdHJpcGWACgHICwHaDBEKCxCwkd-Y7sW_oqEBEgIBA9gTDNAVAZgWAYAXAbIXHAoaCAASFHB1Yi03NjU5NDE0NzY0MzU2Mjg0GACyGAkSArBTGAIiAQDoGAE&sigh=N5vzbh5VIdk&uach_m=%5BUACH%5D&ase=2&cid=CAQSTwDaQooLmU4THGgNQW2rnbpPvCIcB7LJEGZ6utOyMZS9oIML7lIBifn8BAsW8IS0Z7aMU5O6n_duwdtpjoqAxldnEFaGNIPllzAuIJMGkLEYAQ&nis=6	0%	Avira URL Cloud	safe
https://curl.haxx.se/docs/http-cookies.html	0%	URL Reputation	safe
https://curl.haxx.se/docs/http-cookies.html#	0%	Avira URL Cloud	safe
http://www.typography.netD	0%	URL Reputation	safe
http://www.galapagosdesign.com/staff/dennis.htm	0%	URL Reputation	safe
http://crl.thawte.com/ThawteTimestampingCA.crl0	0%	URL Reputation	safe
https://www.burnaware.com/images/free_software.png	0%	Avira URL Cloud	safe
http://www.burnaware.com/p	0%	Avira URL Cloud	safe
http://www.fonts.com	0%	URL Reputation	safe
http://www.sandoll.co.kr	0%	URL Reputation	safe
http://www.burnaware.com/after-install.htmlY	0%	Avira URL Cloud	safe
https://www.burnaware.com/images/dvd_burning_software.jpg	0%	Avira URL Cloud	safe
http://www.burnaware.com/o	0%	Avira URL Cloud	safe
https://sos.adaware.com/v1/bundle/list/?bundleId=BA002	0%	Avira URL Cloud	safe
https://googleads.g.doubleclick.net/pagead/interaction/?ai=Cu5J98hiQZvKbAquT1PIPs-uWgAHtxLb8eJCu5oqVE6idiedHEAEgp97AKmDJBqAB0v6XmQPIAQKoAwHIA8kEqgTPAU_QXiTzLwLGxXj59LNIeOIN1KbK3FLLM2_7j5f4vr9TOnAG46NIUNVSnnAFqFZphvLEBgBZzORhxvSdQp4mYlLJ0Ix9o6CZrfWTtTkgxgML1Dfc6fa-sCbJQDQynRaCSqFiyqnILgfHGJX-oCWBtObB7LneES7W0TEiFBtNcF8QSpQGu3JqJDUMoSpn7knoUgAC2wNR909edM-6ch6h1nzvyWabFu9kM4hR5yluMP49NP6ImwNONgUMUZsKbguTnLVuvLu2F9AS3b8G9hq7wMAEt4_u6q0EiAWL5NvKS6AGAoAHloHoZqgH2baxAqgH1ckbqAemvhuoB47OG6gHk9gbqAfulrECqAf-nrECqAevvrECqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB-C9sQKoB_-esQKoB9-fsQKoB8qpsQKoB-ulsQKoB-qxsQKoB5m1sQKoB763sQKoB_jCsQKoB_vCsQLYBwHSCCYIgOGAYBABGB8yAssCOgmAQIDAgICAoChIvf3BOljZt4yFxJ-HA7EJ5WIFqJlhtieACgGYCwHICwHaDBEKCxCwkd-Y7sW_oqEBEgIBA6oNAlVTyA0B2BMM0BUBmBYB-BYBgBcBshgJEgKwUxgCIgEA6BgB&sigh=h6IJ0EUoVko&cid=CAQSTwDaQooLmU4THGgNQW2rnbpPvCIcB7LJEGZ6utOyMZS9oIML7lIBifn8BAsW8IS0Z7aMU5O6n_duwdtpjoqAxldnEFaGNIPllzAuIJMGkLE&label=window_focus&gqid=8hiQZs7MAferjuwPt7ugmAE&qqid=CPLcjIXEn4cDFasJVQgds7UFEA&fg=1	0%	Avira URL Cloud	safe
http://www.burnaware.com/:	0%	Avira URL Cloud	safe
https://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=BundleProposedOff	0%	Avira URL Cloud	safe
http://flow.lavasoft.com/v1/event-stat?ProductID=IS&Type=StubStartdlllgzF	0%	Avira URL Cloud	safe
https://taskscheduler.codeplex.com/F	0%	Avira URL Cloud	safe
http://flow.lavasoft.com/v1/event-stat?ProductID=IS&Type=StubStart	0%	Avira URL Cloud	safe
https://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=BundleInstallStart	0%	Avira URL Cloud	safe
http://www.burnaware.com/9	0%	Avira URL Cloud	safe
https://www.burnaware.com/update.ver#	0%	Avira URL Cloud	safe
https://flow.lavasoft.com/v1/event-stat/?Product	0%	Avira URL Cloud	safe
http://www.burnaware.com/G	0%	Avira URL Cloud	safe
http://www.burnaware.com/2http://www.burnaware.com/2http://www.burnaware.com/&	0%	Avira URL Cloud	safe
http://www.burnaware.com/update.verbh	0%	Avira URL Cloud	safe
https://www.burnaware.com/images/facebook.png	0%	Avira URL Cloud	safe
http://www.palkornel.hu/innosetup%1	0%	Avira URL Cloud	safe
https://googleads.g.doubleclick.net/pagead/adview?ai=C6hJM8hiQZvaxBOOMjuwP06Sd8AKgkpCceJbpje3KEsTChYOzQhABIKfewCpgyQagAcv48eYCyAECqAMByAPJBKoE5AFP0AvnF8je12xQ9XcDyGGAGMGaKBLst-6_m3CSwVD8UKF53xbETwktTg5VjDYfmMqPw-l5i_fHWtsmcLfYEYNxLHW0Nk2Vd5LguWIZrL4b0cxIx5kmBjooZdtmDvtBcxncwBAgexh_fiQHh3eOv3ScqPh2cPzvKhVVTd_2ElKYg9cAj-Ui-JVEGaVbxClqsmgHxtB1Z-z5hbMrqDWllcIhVjXI8hB3yVpx3wFkRua-ytGDDVsLiPEWfqJC1OFHKDgOV7Hz0ssS-tC1snx5DWxMp6YRC6nJ3H9CaXYh-V0D9zEZlnzABIyA167aBIgFxOXE1E6SBQQIBBgBkgUECAUYBKAGAoAHnYeOmQGoB9m2sQKoB9XJG6gHpr4bqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHr76xAqgH98KxAtgHAfIHBBDTjC3SCCYIgOGAYBABGB8yAssCOgmAQIDAgICAoChIvf3BOljg1I6FxJ-HA5oJOGh0dHBzOi8vY2FwaXRhbG9uZXNob3BwaW5nLmNvbS9qb2luLWNhcGl0YWwtb25lLXNob3BwaW5ngAoByAsB2gwRCgsQ8IaU-97Mm6jsARICAQPYEwzQFQGAFwGyFxwKGggAEhRwdWItNzY1OTQxNDc2NDM1NjI4NBgAshgFGAIiAQDoGAE&sigh=wfCMA8jNnbo&uach_m=%5BUACH%5D&ase=2&cid=CAQSTwDaQooLfXSvAwYlxgfF3yqRZiIN8qnU0U4GHr7Fzr9-FbUqS5kdmb0SE1rEIbLQQL1KdWEuTE1j7kOVhaJbWfbgvYNjwjytjCiN0OwplVIYAQ&nis=6	0%	Avira URL Cloud	safe
https://www.burnaware.com/js/jquery-3.5.1.slim.min.js	0%	Avira URL Cloud	safe
https://www.burnaware.com/images/logo.png	0%	Avira URL Cloud	safe
https://www.burnaware.com/;aT	0%	Avira URL Cloud	safe
http://www.burnaware.com/0	0%	Avira URL Cloud	safe
http://www.burnaware.com/(	0%	Avira URL Cloud	safe
http://flow.lavasoft.com/v1/event-stat?ProductID=IS&Type=StubBundleStart	0%	Avira URL Cloud	safe
http://webcompanion.com/privacy	0%	Avira URL Cloud	safe
http://www.burnaware.com/)	0%	Avira URL Cloud	safe
https://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=PageShown	0%	Avira URL Cloud	safe
http://www.burnaware.com//	0%	Avira URL Cloud	safe
http://sos.adaware.com	0%	Avira URL Cloud	safe
https://www.google.%/ads/ga-audiences	0%	Avira URL Cloud	safe
https://www.burnaware.com/images/boxshot_ultimate.png	0%	Avira URL Cloud	safe
http://www.burnaware.com/after-install.html9	0%	Avira URL Cloud	safe
http://www.burnaware.comopenU	0%	Avira URL Cloud	safe
http://www.burnaware.com/after-install.html5	0%	Avira URL Cloud	safe
http://www.burnaware.com/om4c	0%	Avira URL Cloud	safe
http://www.burnaware.com/update.verU	0%	Avira URL Cloud	safe
http://www.burnaware.com/after-install.htmlwsINetCookiesr	0%	Avira URL Cloud	safe
https://www.burnaware.com/update.ver	0%	Avira URL Cloud	safe
http://webcompanion.com/terms?http://webcompanion.com/privacyOOptional	0%	Avira URL Cloud	safe
https://www.burnaware.com/css/bootstrap.min.css	0%	Avira URL Cloud	safe
http://www.jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU	0%	Avira URL Cloud	safe
http://flow.lavasoft.com/v1/event-stat?ProductID=IS&Type=StubBundleStartl	0%	Avira URL Cloud	safe
https://www.burnaware.com/images/free_burning_software.png	0%	Avira URL Cloud	safe
https://www.burnaware.com/images/best_software.png	0%	Avira URL Cloud	safe
http://www.webcompanion.com/:http://webcompanion.com/terms	0%	Avira URL Cloud	safe
http://www.burnaware.com/	0%	Avira URL Cloud	safe
https://www.burnaware.com/js/bootstrap.min.js	0%	Avira URL Cloud	safe
https://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=BundleInstallComplete	0%	Avira URL Cloud	safe
https://taskscheduler.codeplex.com/	0%	Avira URL Cloud	safe
https://googleads.g.doubleclick.net/pagead/interaction/?ai=CP6Gn8hiQZvaxBOOMjuwP06Sd8AKgkpCceJbpje3KEsTChYOzQhABIKfewCpgyQagAcv48eYCyAECqAMByAPJBKoE5wFP0AvnF8je12xQ9XcDyGGAGMGaKBLst-6_m3CSwVD8UKF53xbETwktTg5VjDYfmMqPw-l5i_fHWtsmcLfYEYNxLHW0Nk2Vd5LguWIZrL4b0cxIx5kmBjooZdtmDvtBcxncwBAgexh_fiQHh3eOv3ScqPh2cPzvKhVVTd_2ElKYg9cAj-Ui-JVEGaVbxClqsmgHxtB1Z-z5hbMrqDWllcIhVjXI8hB3yVpx3wFkRua-ytGDDVsLiPEWfqJC1OFHajovxQQ0VcXSfYZwCUCxnjtkrSIYJbEmOdx-oe_y2HEbQNOGmLwpDmHABIyA167aBIgFxOXE1E6gBgKAB52HjpkBqAfZtrECqAfVyRuoB6a-G6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6--sQKoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH4L2xAqgH_56xAqgH35-xAqgHyqmxAqgH66WxAqgH6rGxAqgHmbWxAqgHvrexAqgH-MKxAqgH-8KxAtgHAdIIJgiA4YBgEAEYHzICywI6CYBAgMCAgICgKEi9_cE6WODUjoXEn4cDsQlg6CR0SwaUbYAKAZgLAcgLAdoMEQoLEPCGlPvezJuo7AESAgEDqg0CVVPIDQHYEwzQFQH4FgGAFwGyGAUYAiIBAOgYAQ&sigh=BQT1J-br5HY&cid=CAQSTwDaQooLfXSvAwYlxgfF3yqRZiIN8qnU0U4GHr7Fzr9-FbUqS5kdmb0SE1rEIbLQQL1KdWEuTE1j7kOVhaJbWfbgvYNjwjytjCiN0OwplVI&label=window_focus&gqid=8hiQZvbpA_CTjuwP44esoA0&qqid=CPbyjoXEn4cDFWOGgwcdU1IHLg&fg=1	0%	Avira URL Cloud	safe
http://flow.lavasoft.com/v1/event-stat?ProductID=IS&Type=StubBundleStart0	0%	Avira URL Cloud	safe
http://www.burnaware.com	0%	Avira URL Cloud	safe
http://www.mp3dev.org/	0%	Avira URL Cloud	safe
https://www.burnaware.com/images/winxvideo_ai_box.png	0%	Avira URL Cloud	safe
http://counter-strike.com.ua/	0%	Avira URL Cloud	safe
http://www.burnaware.com/after-install.html	0%	Avira URL Cloud	safe
https://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=BundleProposedOffersIsEmpty	0%	Avira URL Cloud	safe
http://flow.lavasoft.com	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
googleads.g.doubleclick.net	142.250.186.66	true	false	unknown
sos.adaware.com	104.16.212.94	true	true	unknown
www.google.com	142.250.185.132	true	false	unknown
www.burnaware.com	46.21.150.242	true	false	unknown
flow.lavasoft.com	104.16.148.130	true	true	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://www.burnaware.com/images/free_software.png	false	Avira URL Cloud: safe	unknown
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211	false		unknown
https://googleads.g.doubleclick.net/pagead/interaction/?ai=CP6Gn8hiQZvaxBOOMjuwP06Sd8AKgkpCceJbpje3KEsTChYOzQhABIKfewCpgyQagAcv48eYCyAECqAMByAPJBKoE5wFP0AvnF8je12xQ9XcDyGGAGMGaKBLst-6_m3CSwVD8UKF53xbETwktTg5VjDYfmMqPw-l5i_fHWtsmcLfYEYNxLHW0Nk2Vd5LguWIZrL4b0cxIx5kmBjooZdtmDvtBcxncwBAgexh_fiQHh3eOv3ScqPh2cPzvKhVVTd_2ElKYg9cAj-Ui-JVEGaVbxClqsmgHxtB1Z-z5hbMrqDWllcIhVjXI8hB3yVpx3wFkRua-ytGDDVsLiPEWfqJC1OFHajovxQQ0VcXSfYZwCUCxnjtkrSIYJbEmOdx-oe_y2HEbQNOGmLwpDmHABIyA167aBIgFxOXE1E6gBgKAB52HjpkBqAfZtrECqAfVyRuoB6a-G6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6--sQKoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH4L2xAqgH_56xAqgH35-xAqgHyqmxAqgH66WxAqgH6rGxAqgHmbWxAqgHvrexAqgH-MKxAqgH-8KxAtgHAdIIJgiA4YBgEAEYHzICywI6CYBAgMCAgICgKEi9_cE6WODUjoXEn4cDsQlg6CR0SwaUbYAKAZgLAcgLAdoMEQoLEPCGlPvezJuo7AESAgEDqg0CVVPIDQHYEwzQFQH4FgGAFwGyGAUYAiIBAOgYAQ&sigh=BQT1J-br5HY&cid=CAQSTwDaQooLfXSvAwYlxgfF3yqRZiIN8qnU0U4GHr7Fzr9-FbUqS5kdmb0SE1rEIbLQQL1KdWEuTE1j7kOVhaJbWfbgvYNjwjytjCiN0OwplVI&label=window_focus&gqid=8hiQZvbpA_CTjuwP44esoA0&qqid=CPbyjoXEn4cDFWOGgwcdU1IHLg&bgload=1	false	Avira URL Cloud: safe	unknown
https://googleads.g.doubleclick.net/pagead/adview?ai=CMU2X8hiQZvKbAquT1PIPs-uWgAHtxLb8eJCu5oqVE6idiedHEAEgp97AKmDJBqAB0v6XmQPIAQKoAwHIA8kEqgTMAU_QXiTzLwLGxXj59LNIeOIN1KbK3FLLM2_7j5f4vr9TOnAG46NIUNVSnnAFqFZphvLEBgBZzORhxvSdQp4mYlLJ0Ix9o6CZrfWTtTkgxgML1Dfc6fa-sCbJQDQynRaCSqFiyqnILgfHGJX-oCWBtObB7LneES7W0TEiFBtNcF8QSpQGu3JqJDUMoSpn7knoUgAC2wNR909edM-6ch6h1nzvyWabFu8mManDMJHDRU-QHVpEs6eqGSwG35AkdoIZSJ3KUhqUO8jHQApzR8AEt4_u6q0EiAWL5NvKS5IFBAgEGAGSBQQIBRgEoAYCgAeWgehmqAfZtrECqAfVyRuoB6a-G6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6--sQKoB_fCsQLYBwHyBwUQ9-LwBdIIJgiA4YBgEAEYHzICywI6CYBAgMCAgICgKEi9_cE6WNm3jIXEn4cDmglQaHR0cHM6Ly9wY2FwcC5zdG9yZS8_YXA9YWR3JmFzPWdfZF93aXRob3V0X3NvZnR3YXJlX2luJmRtW2Fkc109bmV3X3N0YXRpY19zdHJpcGWACgHICwHaDBEKCxCwkd-Y7sW_oqEBEgIBA9gTDNAVAZgWAYAXAbIXHAoaCAASFHB1Yi03NjU5NDE0NzY0MzU2Mjg0GACyGAkSArBTGAIiAQDoGAE&sigh=N5vzbh5VIdk&uach_m=%5BUACH%5D&ase=2&cid=CAQSTwDaQooLmU4THGgNQW2rnbpPvCIcB7LJEGZ6utOyMZS9oIML7lIBifn8BAsW8IS0Z7aMU5O6n_duwdtpjoqAxldnEFaGNIPllzAuIJMGkLEYAQ&nis=6	false	Avira URL Cloud: safe	unknown
https://www.burnaware.com/images/dvd_burning_software.jpg	false	Avira URL Cloud: safe	unknown
https://sos.adaware.com/v1/bundle/list/?bundleId=BA002	true	Avira URL Cloud: safe	unknown
https://googleads.g.doubleclick.net/pagead/interaction/?ai=Cu5J98hiQZvKbAquT1PIPs-uWgAHtxLb8eJCu5oqVE6idiedHEAEgp97AKmDJBqAB0v6XmQPIAQKoAwHIA8kEqgTPAU_QXiTzLwLGxXj59LNIeOIN1KbK3FLLM2_7j5f4vr9TOnAG46NIUNVSnnAFqFZphvLEBgBZzORhxvSdQp4mYlLJ0Ix9o6CZrfWTtTkgxgML1Dfc6fa-sCbJQDQynRaCSqFiyqnILgfHGJX-oCWBtObB7LneES7W0TEiFBtNcF8QSpQGu3JqJDUMoSpn7knoUgAC2wNR909edM-6ch6h1nzvyWabFu9kM4hR5yluMP49NP6ImwNONgUMUZsKbguTnLVuvLu2F9AS3b8G9hq7wMAEt4_u6q0EiAWL5NvKS6AGAoAHloHoZqgH2baxAqgH1ckbqAemvhuoB47OG6gHk9gbqAfulrECqAf-nrECqAevvrECqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB-C9sQKoB_-esQKoB9-fsQKoB8qpsQKoB-ulsQKoB-qxsQKoB5m1sQKoB763sQKoB_jCsQKoB_vCsQLYBwHSCCYIgOGAYBABGB8yAssCOgmAQIDAgICAoChIvf3BOljZt4yFxJ-HA7EJ5WIFqJlhtieACgGYCwHICwHaDBEKCxCwkd-Y7sW_oqEBEgIBA6oNAlVTyA0B2BMM0BUBmBYB-BYBgBcBshgJEgKwUxgCIgEA6BgB&sigh=h6IJ0EUoVko&cid=CAQSTwDaQooLmU4THGgNQW2rnbpPvCIcB7LJEGZ6utOyMZS9oIML7lIBifn8BAsW8IS0Z7aMU5O6n_duwdtpjoqAxldnEFaGNIPllzAuIJMGkLE&label=window_focus&gqid=8hiQZs7MAferjuwPt7ugmAE&qqid=CPLcjIXEn4cDFasJVQgds7UFEA&fg=1	false	Avira URL Cloud: safe	unknown
https://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=BundleInstallStart	true	Avira URL Cloud: safe	unknown
http://flow.lavasoft.com/v1/event-stat?ProductID=IS&Type=StubStart	true	Avira URL Cloud: safe	unknown
https://googleads.g.doubleclick.net/pagead/adview?ai=C6hJM8hiQZvaxBOOMjuwP06Sd8AKgkpCceJbpje3KEsTChYOzQhABIKfewCpgyQagAcv48eYCyAECqAMByAPJBKoE5AFP0AvnF8je12xQ9XcDyGGAGMGaKBLst-6_m3CSwVD8UKF53xbETwktTg5VjDYfmMqPw-l5i_fHWtsmcLfYEYNxLHW0Nk2Vd5LguWIZrL4b0cxIx5kmBjooZdtmDvtBcxncwBAgexh_fiQHh3eOv3ScqPh2cPzvKhVVTd_2ElKYg9cAj-Ui-JVEGaVbxClqsmgHxtB1Z-z5hbMrqDWllcIhVjXI8hB3yVpx3wFkRua-ytGDDVsLiPEWfqJC1OFHKDgOV7Hz0ssS-tC1snx5DWxMp6YRC6nJ3H9CaXYh-V0D9zEZlnzABIyA167aBIgFxOXE1E6SBQQIBBgBkgUECAUYBKAGAoAHnYeOmQGoB9m2sQKoB9XJG6gHpr4bqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHr76xAqgH98KxAtgHAfIHBBDTjC3SCCYIgOGAYBABGB8yAssCOgmAQIDAgICAoChIvf3BOljg1I6FxJ-HA5oJOGh0dHBzOi8vY2FwaXRhbG9uZXNob3BwaW5nLmNvbS9qb2luLWNhcGl0YWwtb25lLXNob3BwaW5ngAoByAsB2gwRCgsQ8IaU-97Mm6jsARICAQPYEwzQFQGAFwGyFxwKGggAEhRwdWItNzY1OTQxNDc2NDM1NjI4NBgAshgFGAIiAQDoGAE&sigh=wfCMA8jNnbo&uach_m=%5BUACH%5D&ase=2&cid=CAQSTwDaQooLfXSvAwYlxgfF3yqRZiIN8qnU0U4GHr7Fzr9-FbUqS5kdmb0SE1rEIbLQQL1KdWEuTE1j7kOVhaJbWfbgvYNjwjytjCiN0OwplVIYAQ&nis=6	false	Avira URL Cloud: safe	unknown
https://www.burnaware.com/images/facebook.png	false	Avira URL Cloud: safe	unknown
https://www.burnaware.com/js/jquery-3.5.1.slim.min.js	false	Avira URL Cloud: safe	unknown
https://www.burnaware.com/images/logo.png	false	Avira URL Cloud: safe	unknown
http://flow.lavasoft.com/v1/event-stat?ProductID=IS&Type=StubBundleStart	true	Avira URL Cloud: safe	unknown
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7659414764356284&output=html&h=280&slotname=4885406380&adk=3369854836&adf=3132389021&pi=t.ma~as.4885406380&w=930&abgtt=3&fwrn=4&fwrnh=100&lmt=1720153543&rafmt=1&format=930x280&url=https%3A%2F%2Fwww.burnaware.com%2Fafter-install.html&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE3LjAuNTkzOC4xMzIiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjExNy4wLjU5MzguMTMyIl0sWyJOb3Q7QT1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTE3LjAuNTkzOC4xMzIiXV0sMF0.&dt=1720719598792&bpp=4&bdt=2944&idt=1496&shv=r20240709&mjsv=m202407080101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&correlator=139266055133&frm=20&pv=2&ga_vid=2144220585.1720719599&ga_sid=1720719600&ga_hid=904098654&ga_fc=1&u_tz=-240&u_his=1&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&dmc=8&adx=44&ady=758&biw=1017&bih=870&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31085139%2C44795922%2C95334508%2C95334526%2C95334828%2C31078663%2C31078665%2C31078668%2C31078670&oid=2&pvsid=131469704701851&tmod=1184573214&uas=0&nvt=1&fc=896&brdim=10%2C10%2C10%2C10%2C1280%2C0%2C1050%2C964%2C1034%2C870&vis=2&rsz=%7C%7CeEr%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1.02&td=1&tdf=0&psd=W251bGwsbnVsbCxudWxsLDNd&nt=1&ifi=1&uci=a!1&fsb=1&dtd=1581	false		unknown
https://www.burnaware.com/images/boxshot_ultimate.png	false	Avira URL Cloud: safe	unknown
https://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=PageShown	true	Avira URL Cloud: safe	unknown
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7659414764356284&output=html&adk=1812271804&adf=3025194257&abgtt=3&lmt=1720442382&plaf=1%3A2%2C2%3A2%2C7%3A2&plat=1%3A128%2C2%3A128%2C3%3A128%2C4%3A128%2C8%3A128%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1048576%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fwww.burnaware.com%2F&pra=7&wgl=1&easpi=0&aihb=0&asro=0&ailel=27~29~1~2~4~6~7~8~9~10~11~12~13~14~15~16~17~18~19~20~21~24~30&aiael=27~29~1~2~4~6~7~8~9~10~11~12~13~14~15~16~17~18~19~20~21~24~30&aifxl=27_15~29_10~30_19&aiixl=27_3~29_5~30_6&aslmct=0.7&asamct=0.7&aisaib=1&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE3LjAuNTkzOC4xMzIiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjExNy4wLjU5MzguMTMyIl0sWyJOb3Q7QT1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTE3LjAuNTkzOC4xMzIiXV0sMF0.&dt=1720719598746&bpp=1&bdt=519&idt=1591&shv=r20240709&mjsv=m202407080101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&prev_fmts=930x280&nras=1&correlator=8080801241025&frm=20&pv=1&ga_vid=2144220585.1720719599&ga_sid=1720719600&ga_hid=1775643552&ga_fc=1&u_tz=-240&u_his=1&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1017&bih=870&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C95334511%2C95334525%2C95334578%2C95334828%2C95337195%2C31078663%2C31078665%2C31078668%2C31078670&oid=2&pvsid=4020171120520066&tmod=1184573214&uas=0&nvt=1&fsapi=1&fc=896&brdim=10%2C10%2C10%2C10%2C1280%2C0%2C1050%2C964%2C1034%2C870&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&bz=1.02&td=1&tdf=0&psd=W251bGwsbnVsbCxudWxsLDNd&nt=1&ifi=2&uci=a!2&fsb=1&dtd=1596	false		unknown
https://googleads.g.doubleclick.net/pagead/html/r20240709/r20110914/zrt_lookup_fy2021.html	false		unknown
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA	false		unknown
https://www.burnaware.com/css/bootstrap.min.css	false	Avira URL Cloud: safe	unknown
https://www.burnaware.com/update.ver	false	Avira URL Cloud: safe	unknown
https://www.burnaware.com/images/free_burning_software.png	false	Avira URL Cloud: safe	unknown
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7659414764356284&output=html&h=280&slotname=1141602494&adk=1033356805&adf=3132389021&pi=t.ma~as.1141602494&w=930&abgtt=3&fwrn=4&fwrnh=100&lmt=1720442382&rafmt=1&format=930x280&url=https%3A%2F%2Fwww.burnaware.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE3LjAuNTkzOC4xMzIiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjExNy4wLjU5MzguMTMyIl0sWyJOb3Q7QT1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTE3LjAuNTkzOC4xMzIiXV0sMF0.&dt=1720719598740&bpp=5&bdt=514&idt=1554&shv=r20240709&mjsv=m202407080101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&correlator=8080801241025&frm=20&pv=2&ga_vid=2144220585.1720719599&ga_sid=1720719600&ga_hid=1775643552&ga_fc=1&u_tz=-240&u_his=1&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&dmc=8&adx=44&ady=997&biw=1017&bih=870&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C95334511%2C95334525%2C95334578%2C95334828%2C95337195%2C31078663%2C31078665%2C31078668%2C31078670&oid=2&pvsid=4020171120520066&tmod=1184573214&uas=0&nvt=1&fc=896&brdim=10%2C10%2C10%2C10%2C1280%2C0%2C1050%2C964%2C1034%2C870&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1.02&td=1&tdf=0&psd=W251bGwsbnVsbCxudWxsLDNd&nt=1&ifi=1&uci=a!1&btvi=1&fsb=1&dtd=1583	false		unknown
https://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=BundleInstallComplete	true	Avira URL Cloud: safe	unknown
https://www.burnaware.com/images/best_software.png	false	Avira URL Cloud: safe	unknown
http://www.burnaware.com/	false	Avira URL Cloud: safe	unknown
https://www.google.com/recaptcha/api2/aframe	false		unknown
https://www.burnaware.com/js/bootstrap.min.js	false	Avira URL Cloud: safe	unknown
https://www.burnaware.com/images/winxvideo_ai_box.png	false	Avira URL Cloud: safe	unknown
https://googleads.g.doubleclick.net/pagead/interaction/?ai=CP6Gn8hiQZvaxBOOMjuwP06Sd8AKgkpCceJbpje3KEsTChYOzQhABIKfewCpgyQagAcv48eYCyAECqAMByAPJBKoE5wFP0AvnF8je12xQ9XcDyGGAGMGaKBLst-6_m3CSwVD8UKF53xbETwktTg5VjDYfmMqPw-l5i_fHWtsmcLfYEYNxLHW0Nk2Vd5LguWIZrL4b0cxIx5kmBjooZdtmDvtBcxncwBAgexh_fiQHh3eOv3ScqPh2cPzvKhVVTd_2ElKYg9cAj-Ui-JVEGaVbxClqsmgHxtB1Z-z5hbMrqDWllcIhVjXI8hB3yVpx3wFkRua-ytGDDVsLiPEWfqJC1OFHajovxQQ0VcXSfYZwCUCxnjtkrSIYJbEmOdx-oe_y2HEbQNOGmLwpDmHABIyA167aBIgFxOXE1E6gBgKAB52HjpkBqAfZtrECqAfVyRuoB6a-G6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6--sQKoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH4L2xAqgH_56xAqgH35-xAqgHyqmxAqgH66WxAqgH6rGxAqgHmbWxAqgHvrexAqgH-MKxAqgH-8KxAtgHAdIIJgiA4YBgEAEYHzICywI6CYBAgMCAgICgKEi9_cE6WODUjoXEn4cDsQlg6CR0SwaUbYAKAZgLAcgLAdoMEQoLEPCGlPvezJuo7AESAgEDqg0CVVPIDQHYEwzQFQH4FgGAFwGyGAUYAiIBAOgYAQ&sigh=BQT1J-br5HY&cid=CAQSTwDaQooLfXSvAwYlxgfF3yqRZiIN8qnU0U4GHr7Fzr9-FbUqS5kdmb0SE1rEIbLQQL1KdWEuTE1j7kOVhaJbWfbgvYNjwjytjCiN0OwplVI&label=window_focus&gqid=8hiQZvbpA_CTjuwP44esoA0&qqid=CPbyjoXEn4cDFWOGgwcdU1IHLg&fg=1	false	Avira URL Cloud: safe	unknown
https://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=BundleProposedOffersIsEmpty	true	Avira URL Cloud: safe	unknown
http://www.burnaware.com/after-install.html	false	Avira URL Cloud: safe	unknown
https://www.burnaware.com/	false		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://www.mp3dev.org/0.89LAME3.93	is-1CK0H.tmp.1.dr	false	Avira URL Cloud: safe	unknown
http://www.burnaware.com/after-install.htmlY	SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp, 00000001.00000003.2209327170.0000000000712000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.fontbureau.com/designers	GenericSetup.exe, 00000008.00000002.2132951372.000000001CE02000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://ampcid.google.com/v1/publisher:getClientId	chromecache_152.13.dr	false	URL Reputation: safe	unknown
http://www.burnaware.com/o	BurnAware.exe, 0000000B.00000002.2947677719.00000000006F0000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.burnaware.com/p	BurnAware.exe, 0000000B.00000002.2947677719.0000000000747000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://curl.haxx.se/docs/http-cookies.html#	installer.exe	false	Avira URL Cloud: safe	unknown
http://www.burnaware.com/after-install.htmlI	SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp, 00000001.00000003.2209327170.0000000000712000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.sajatypeworks.com	GenericSetup.exe, 00000008.00000002.2132951372.000000001CE02000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.founder.com.cn/cn/cThe	GenericSetup.exe, 00000008.00000002.2132951372.000000001CE02000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.burnaware.com/9	SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp, 00000001.00000003.2220170072.00000000023CD000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.burnaware.com/:	BurnAware.exe, 0000000B.00000002.2947677719.0000000000747000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://flow.lavasoft.com/v1/event-stat?ProductID=IS&Type=StubStartdlllgzF	installer.exe, 00000007.00000003.2136407471.0000000000793000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000007.00000002.2136815111.0000000000793000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=BundleProposedOff	GenericSetup.exe, 00000008.00000002.2125998644.0000000002DEF000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://taskscheduler.codeplex.com/F	BA002.exe, 00000005.00000003.2047549521.000000000232A000.00000004.00000020.00020000.00000000.sdmp, BA002.exe, 00000005.00000003.2048015245.0000000000510000.00000004.00001000.00020000.00000000.sdmp, Microsoft.Win32.TaskScheduler.dll.5.dr	false	Avira URL Cloud: safe	unknown
https://www.burnaware.com/update.ver#	BurnAware.exe, 0000000B.00000002.2947677719.00000000006F0000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.galapagosdesign.com/DPlease	GenericSetup.exe, 00000008.00000002.2132951372.000000001CE02000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.burnaware.com/G	BurnAware.exe, 0000000B.00000002.2947677719.00000000006F0000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.burnaware.com/2http://www.burnaware.com/2http://www.burnaware.com/&	SecuriteInfo.com.Program.Unwanted.2818.3154.4230.exe, 00000000.00000003.1694821993.0000000002390000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp, 00000001.00000003.1697349895.0000000003350000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://flow.lavasoft.com/v1/event-stat/?Product	GenericSetup.exe, 00000008.00000002.2125998644.0000000002FD8000.00000004.00000800.00020000.00000000.sdmp, GenericSetup.exe, 00000008.00000002.2125998644.0000000002E7B000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://stats.g.doubleclick.net/j/collect	chromecache_152.13.dr	false	URL Reputation: safe	unknown
http://www.burnaware.com/update.verbh	BurnAware.exe, 0000000B.00000002.2947677719.0000000000724000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.palkornel.hu/innosetup%1	SecuriteInfo.com.Program.Unwanted.2818.3154.4230.exe, 00000000.00000003.1694821993.0000000002390000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.2818.3154.4230.exe, 00000000.00000003.2227509146.00000000020FE000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp, 00000001.00000003.1697349895.0000000003350000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp, 00000001.00000003.2220170072.00000000022C0000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.urwpp.deDPlease	GenericSetup.exe, 00000008.00000002.2132951372.000000001CE02000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.zhongyicts.com.cn	GenericSetup.exe, 00000008.00000002.2132951372.000000001CE02000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	GenericSetup.exe, 00000008.00000002.2125998644.00000000029A1000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.burnaware.com/after-install.htmli	SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp, 00000001.00000002.2226325034.0000000003950000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://www.innosetup.com/	SecuriteInfo.com.Program.Unwanted.2818.3154.4230.exe, 00000000.00000003.1695398736.00000000024D0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.2818.3154.4230.exe, 00000000.00000003.1695703188.000000007FD10000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp, 00000001.00000000.1696423053.0000000000401000.00000020.00000001.01000000.00000004.sdmp, SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp.0.dr	false	URL Reputation: safe	unknown
https://www.burnaware.com/;aT	BurnAware.exe, 0000000B.00000002.2947677719.0000000000724000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.burnaware.com/(	BurnAware.exe, 0000000B.00000002.2947677719.0000000000747000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.burnaware.com/)	SecuriteInfo.com.Program.Unwanted.2818.3154.4230.exe, 00000000.00000003.2227509146.00000000021DD000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp, 00000001.00000003.2220170072.00000000023CD000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.burnaware.com//	BurnAware.exe, 0000000B.00000002.2947677719.00000000006F0000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.burnaware.com/0	BurnAware.exe, 0000000B.00000002.2947677719.0000000000747000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.carterandcone.coml	GenericSetup.exe, 00000008.00000002.2132951372.000000001CE02000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://webcompanion.com/privacy	BA002.exe, 00000005.00000003.2047549521.000000000232A000.00000004.00000020.00020000.00000000.sdmp, GenericSetup.exe, 00000008.00000002.2131497606.000000001AF32000.00000002.00000001.01000000.00000011.sdmp	false	Avira URL Cloud: safe	unknown
http://sos.adaware.com	GenericSetup.exe, 00000008.00000002.2125998644.0000000002C56000.00000004.00000800.00020000.00000000.sdmp, GenericSetup.exe, 00000008.00000002.2125998644.0000000002B29000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.fontbureau.com/designers/frere-user.html	GenericSetup.exe, 00000008.00000002.2132951372.000000001CE02000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.google.%/ads/ga-audiences	chromecache_152.13.dr	false	Avira URL Cloud: safe	unknown
http://www.burnaware.com/after-install.html5	SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp, 00000001.00000002.2224481624.0000000000722000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp, 00000001.00000003.2209327170.0000000000712000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.burnaware.com/after-install.html9	SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp, 00000001.00000002.2226325034.0000000003950000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.burnaware.comopenU	BurnAware.exe, 0000000B.00000000.2192261237.0000000000416000.00000020.00000001.01000000.00000013.sdmp, is-Q20KD.tmp.1.dr, is-1NOV0.tmp.1.dr, is-A0FRI.tmp.1.dr, is-IKG3F.tmp.1.dr	false	Avira URL Cloud: safe	unknown
http://www.burnaware.com/update.verU	BurnAware.exe, 0000000B.00000000.2192261237.0000000000416000.00000020.00000001.01000000.00000013.sdmp	false	Avira URL Cloud: safe	unknown
http://www.burnaware.com/om4c	BurnAware.exe, 0000000B.00000002.2947677719.0000000000724000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://webcompanion.com/terms?http://webcompanion.com/privacyOOptional	BA002.exe, 00000005.00000003.2047549521.000000000232A000.00000004.00000020.00020000.00000000.sdmp, BA002.exe, 00000005.00000003.2048015245.0000000000510000.00000004.00001000.00020000.00000000.sdmp, GenericSetup.exe, 00000008.00000002.2133721314.000000001D1E2000.00000002.00000001.01000000.00000012.sdmp	false	Avira URL Cloud: safe	unknown
http://www.burnaware.com/after-install.htmlwsINetCookiesr	SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp, 00000001.00000003.2222141403.00000000006B0000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.fontbureau.com/designersG	GenericSetup.exe, 00000008.00000002.2132951372.000000001CE02000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.com/designers/?	GenericSetup.exe, 00000008.00000002.2132951372.000000001CE02000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.founder.com.cn/cn/bThe	GenericSetup.exe, 00000008.00000002.2132951372.000000001CE02000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.com/designers?	GenericSetup.exe, 00000008.00000002.2132951372.000000001CE02000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU	SecuriteInfo.com.Program.Unwanted.2818.3154.4230.exe	false	Avira URL Cloud: safe	unknown
http://flow.lavasoft.com/v1/event-stat?ProductID=IS&Type=StubBundleStartl	installer.exe, 00000007.00000003.2136407471.0000000000793000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000007.00000002.2136815111.0000000000793000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.tiro.com	GenericSetup.exe, 00000008.00000002.2132951372.000000001CE02000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.goodfont.co.kr	GenericSetup.exe, 00000008.00000002.2132951372.000000001CE02000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.webcompanion.com/:http://webcompanion.com/terms	BA002.exe, 00000005.00000003.2047549521.000000000232A000.00000004.00000020.00020000.00000000.sdmp, GenericSetup.exe, 00000008.00000002.2131497606.000000001AF32000.00000002.00000001.01000000.00000011.sdmp	false	Avira URL Cloud: safe	unknown
https://curl.haxx.se/docs/http-cookies.html	BA002.exe, 00000005.00000003.2047549521.000000000232A000.00000004.00000020.00020000.00000000.sdmp, installer.exe, installer.exe, 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmp, installer.exe, 00000007.00000000.2048496235.0000000000EA0000.00000002.00000001.01000000.00000009.sdmp, installer.exe.5.dr	false	URL Reputation: safe	unknown
http://www.typography.netD	GenericSetup.exe, 00000008.00000002.2132951372.000000001CE02000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://taskscheduler.codeplex.com/	BA002.exe, 00000005.00000003.2047549521.000000000232A000.00000004.00000020.00020000.00000000.sdmp, BA002.exe, 00000005.00000003.2048015245.0000000000510000.00000004.00001000.00020000.00000000.sdmp, Microsoft.Win32.TaskScheduler.dll.5.dr	false	Avira URL Cloud: safe	unknown
http://www.burnaware.com	SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp, 00000001.00000003.2220170072.00000000023CD000.00000004.00001000.00020000.00000000.sdmp, BurnAware.exe, 0000000B.00000002.2947677719.0000000000747000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.galapagosdesign.com/staff/dennis.htm	GenericSetup.exe, 00000008.00000002.2132951372.000000001CE02000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://crl.thawte.com/ThawteTimestampingCA.crl0	BA002.exe, 00000005.00000003.2047549521.000000000232A000.00000004.00000020.00020000.00000000.sdmp, BA002.exe, 00000005.00000003.2048015245.0000000000510000.00000004.00001000.00020000.00000000.sdmp, Microsoft.Win32.TaskScheduler.dll.5.dr, installer.exe.5.dr	false	URL Reputation: safe	unknown
http://flow.lavasoft.com/v1/event-stat?ProductID=IS&Type=StubBundleStart0	installer.exe, 00000007.00000003.2136407471.0000000000793000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000007.00000002.2136815111.0000000000793000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.mp3dev.org/	is-1CK0H.tmp.1.dr	false	Avira URL Cloud: safe	unknown
http://counter-strike.com.ua/	SecuriteInfo.com.Program.Unwanted.2818.3154.4230.exe, 00000000.00000003.1694821993.0000000002390000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.2818.3154.4230.exe, 00000000.00000003.2227509146.00000000020FE000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp, 00000001.00000003.1697349895.0000000003350000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp, 00000001.00000003.2220170072.00000000022C0000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.fonts.com	GenericSetup.exe, 00000008.00000002.2132951372.000000001CE02000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.sandoll.co.kr	GenericSetup.exe, 00000008.00000002.2132951372.000000001CE02000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://flow.lavasoft.com	GenericSetup.exe, 00000008.00000002.2125998644.0000000002F2E000.00000004.00000800.00020000.00000000.sdmp, GenericSetup.exe, 00000008.00000002.2125998644.0000000002FD8000.00000004.00000800.00020000.00000000.sdmp, GenericSetup.exe, 00000008.00000002.2125998644.00000000029A1000.00000004.00000800.00020000.00000000.sdmp, GenericSetup.exe, 00000008.00000002.2125998644.0000000002E7B000.00000004.00000800.00020000.00000000.sdmp, GenericSetup.exe, 00000008.00000002.2125998644.0000000002DEF000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.186.68	unknown	United States	15169	GOOGLEUS	false
46.21.150.242	www.burnaware.com	Netherlands	29802	HVC-ASUS	false
104.16.212.94	sos.adaware.com	United States	13335	CLOUDFLARENETUS	true
172.217.18.2	unknown	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.186.164	unknown	United States	15169	GOOGLEUS	false
104.16.148.130	flow.lavasoft.com	United States	13335	CLOUDFLARENETUS	true
142.250.186.66	googleads.g.doubleclick.net	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.4
192.168.2.6

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1471674
Start date and time:	2024-07-11 19:38:08 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 9m 27s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	17
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	SecuriteInfo.com.Program.Unwanted.2818.3154.4230.exe
Detection:	MAL
Classification:	mal44.troj.evad.winEXE@38/178@26/10
EGA Information:	Successful, ratio: 75%
HCA Information:	Successful, ratio: 88% Number of executed functions: 150 Number of non-executed functions: 187
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 173.222.108.226, 192.229.221.95, 142.250.186.163, 64.233.166.84, 142.250.185.142, 34.104.35.123, 142.250.186.72, 216.58.206.34, 142.250.186.142, 142.250.186.110, 142.250.185.65, 172.217.18.98, 142.250.184.226, 216.58.206.33, 142.250.185.162, 142.250.184.194, 142.250.186.34, 172.217.18.97, 142.250.186.98, 142.250.185.131
Excluded domains from analysis (whitelisted): fs.microsoft.com, www.googleadservices.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, pagead2.googlesyndication.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, www.googletagmanager.com, tpc.googlesyndication.com, update.googleapis.com, clients.l.google.com, www.google-analytics.com
Execution Graph export aborted for target BurnAware.exe, PID 1244 because it is empty
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: SecuriteInfo.com.Program.Unwanted.2818.3154.4230.exe

Simulations

Behavior and APIs

Time	Type	Description
13:39:40	API Interceptor	39x Sleep call for process: GenericSetup.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
239.255.255.250	http://track.fsome.us/?xtl=1viwu5za3qfkgb4bktigd6w9r2aiqj8ubi9x5aevx7vsdxmw96lm51d09tvturwitx5wwhlphpachqeuw68ny1p2uhpiqa5szmrev8&eih=pq9mx5ijy0kxtkev624h50srg6ww83cce1e&__stmp=sgg9ci&__onlt=h	Get hash	malicious	Unknown	Browse
	https://link.edgepilot.com/s/58f2f2eb/x4Qvr3PeoEWaCYfnNgIJ1g?u=https://onmicrosoft.highachieverssam.org/404	Get hash	malicious	HTMLPhisher	Browse
	https://www.canva.com/design/DAGKqBoB-pk/5yZY6xv4Mi45lnpws5bCrQ/edit?utm_content=DAGKqBoB-pk&utm_campaign=designshare&utm_medium=link2&utm_source=sharebutton	Get hash	malicious	Unknown	Browse
	http://plnbl.io/review/WX__Ro3YJP2_	Get hash	malicious	HTMLPhisher, Tycoon2FA	Browse
	Mott Corporation_SKM_C590368369060_417161.pdf.pdf	Get hash	malicious	HTMLPhisher	Browse
	https://sites.google.com/view/thewassociatespe-lspllc/home	Get hash	malicious	HTMLPhisher	Browse
	https://8pingstate.sbs/y289	Get hash	malicious	Unknown	Browse
	https://www.evernote.com/shard/s552/sh/d87c15a9-f5fc-dbbf-e870-00a99882fe99/Bu1HrA086twuEcRU5pyqlAC6c1YNBJWK_suwXIxI6ybw-NGqVUWWtfJo1w	Get hash	malicious	HTMLPhisher	Browse
	https://linkpages.pro/jK3ZRv	Get hash	malicious	HTMLPhisher	Browse
	FW_ .msg	Get hash	malicious	Unknown	Browse
104.16.212.94	SecuriteInfo.com.Program.Unwanted.4662.20461.1147.exe	Get hash	malicious	Unknown	Browse
	APInstaller (4).exe	Get hash	malicious	Unknown	Browse
	https://download.adaware.com/nano_download.php?partner=adaware	Get hash	malicious	Unknown	Browse
104.16.148.130	Setup.exe	Get hash	malicious	Unknown	Browse	geo.lavasoft.com/
	Setup.exe	Get hash	malicious	Unknown	Browse	geo.lavasoft.com/
	Setup.exe	Get hash	malicious	Unknown	Browse	geo.lavasoft.com/
	Setup.exe	Get hash	malicious	Unknown	Browse	geo.lavasoft.com/
	SecuriteInfo.com.Program.Unwanted.4662.20461.1147.exe	Get hash	malicious	Unknown	Browse	downloadnada.lavasoft.com/update/12.10.158.0/win32/AdAwareWebInstaller.exe
	Setup (1).exe	Get hash	malicious	Unknown	Browse	geo.lavasoft.com/
	Setup (1).exe	Get hash	malicious	Unknown	Browse	geo.lavasoft.com/

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
www.google.com	http://track.fsome.us/?xtl=1viwu5za3qfkgb4bktigd6w9r2aiqj8ubi9x5aevx7vsdxmw96lm51d09tvturwitx5wwhlphpachqeuw68ny1p2uhpiqa5szmrev8&eih=pq9mx5ijy0kxtkev624h50srg6ww83cce1e&__stmp=sgg9ci&__onlt=h	Get hash	malicious	Unknown	Browse	142.250.186.132
	https://link.edgepilot.com/s/58f2f2eb/x4Qvr3PeoEWaCYfnNgIJ1g?u=https://onmicrosoft.highachieverssam.org/404	Get hash	malicious	HTMLPhisher	Browse	172.217.16.196
	https://www.canva.com/design/DAGKqBoB-pk/5yZY6xv4Mi45lnpws5bCrQ/edit?utm_content=DAGKqBoB-pk&utm_campaign=designshare&utm_medium=link2&utm_source=sharebutton	Get hash	malicious	Unknown	Browse	216.58.206.36
	http://plnbl.io/review/WX__Ro3YJP2_	Get hash	malicious	HTMLPhisher, Tycoon2FA	Browse	142.250.184.196
	Mott Corporation_SKM_C590368369060_417161.pdf.pdf	Get hash	malicious	HTMLPhisher	Browse	142.250.184.196
	https://sites.google.com/view/thewassociatespe-lspllc/home	Get hash	malicious	HTMLPhisher	Browse	142.250.186.68
	https://8pingstate.sbs/y289	Get hash	malicious	Unknown	Browse	172.217.18.4
	https://www.evernote.com/shard/s552/sh/d87c15a9-f5fc-dbbf-e870-00a99882fe99/Bu1HrA086twuEcRU5pyqlAC6c1YNBJWK_suwXIxI6ybw-NGqVUWWtfJo1w	Get hash	malicious	HTMLPhisher	Browse	172.217.16.196
	https://linkpages.pro/jK3ZRv	Get hash	malicious	HTMLPhisher	Browse	172.217.16.196
	FW_ .msg	Get hash	malicious	Unknown	Browse	142.250.186.68
sos.adaware.com	SecuriteInfo.com.Adware.Downware.20552.29919.24444.exe	Get hash	malicious	Unknown	Browse	104.16.213.94
	SecuriteInfo.com.Trojan.MulDrop24.56436.17805.29816.exe	Get hash	malicious	Unknown	Browse	104.18.68.73
	SecuriteInfo.com.Trojan.MulDrop24.56436.17805.29816.exe	Get hash	malicious	Unknown	Browse	104.18.68.73
	SecuriteInfo.com.Program.Unwanted.5399.28168.2681.exe	Get hash	malicious	Unknown	Browse	104.18.68.73
	SecuriteInfo.com.Program.Unwanted.5399.28168.2681.exe	Get hash	malicious	Unknown	Browse	104.18.68.73
	Pokemon_ Ruby Version (V1.2).exe	Get hash	malicious	Unknown	Browse	104.18.67.73
	GenericSetup.exe	Get hash	malicious	Unknown	Browse	104.18.68.73
	VicoHome_App.exe	Get hash	malicious	Unknown	Browse	104.18.68.73
	_Papa Louie 2_ When Burgers Attack!.exe	Get hash	malicious	Unknown	Browse	104.18.68.73
	audacity-win3.0.0.exe	Get hash	malicious	Unknown	Browse	104.18.67.73
flow.lavasoft.com	JDownloaderSetup.exe	Get hash	malicious	Unknown	Browse	104.16.148.130
	JDownloaderSetup.exe	Get hash	malicious	Unknown	Browse	104.16.148.130
	SecuriteInfo.com.Adware.Downware.20552.29919.24444.exe	Get hash	malicious	Unknown	Browse	104.16.149.130
	SecuriteInfo.com.Adware.Downware.20552.29919.24444.exe	Get hash	malicious	Unknown	Browse	104.16.148.130
	SecuriteInfo.com.Trojan.MulDrop24.56436.17805.29816.exe	Get hash	malicious	Unknown	Browse	104.16.149.130
	SecuriteInfo.com.Trojan.MulDrop24.56436.17805.29816.exe	Get hash	malicious	Unknown	Browse	104.16.148.130
	SecuriteInfo.com.Program.Unwanted.5399.28168.2681.exe	Get hash	malicious	Unknown	Browse	104.17.8.52
	SecuriteInfo.com.Program.Unwanted.5399.28168.2681.exe	Get hash	malicious	Unknown	Browse	104.17.9.52
	https://filezilla-project.org/download.php?type=client	Get hash	malicious	Unknown	Browse	104.17.9.52
	wcinstaller1.exe	Get hash	malicious	Unknown	Browse	104.17.9.52

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
HVC-ASUS	DHL119040 receipt document,pdf.exe	Get hash	malicious	Remcos, DBatLoader	Browse	23.227.203.18
	502407267 RUAG FOODPLAZA.exe	Get hash	malicious	DarkTortilla, FormBook	Browse	23.111.142.162
	http://beetrootculture.com	Get hash	malicious	Unknown	Browse	23.227.193.59
	hANEXOPDF.PDF40 234057.msi	Get hash	malicious	Unknown	Browse	23.111.168.85
	http://beetrootculture.com	Get hash	malicious	Unknown	Browse	23.227.193.59
	Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe	Get hash	malicious	FormBook	Browse	23.111.180.146
	Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe	Get hash	malicious	FormBook	Browse	23.111.180.146
	https://www.dgccollectors.com/doc.php	Get hash	malicious	Unknown	Browse	199.167.144.130
	Fiyat ARH-4532817-PO 45328174563.exe	Get hash	malicious	FormBook	Browse	23.111.180.146
	Fiyat ARH-4532817-PO 45328174563.exe	Get hash	malicious	FormBook	Browse	23.111.180.146
CLOUDFLARENETUS	http://track.fsome.us/?xtl=1viwu5za3qfkgb4bktigd6w9r2aiqj8ubi9x5aevx7vsdxmw96lm51d09tvturwitx5wwhlphpachqeuw68ny1p2uhpiqa5szmrev8&eih=pq9mx5ijy0kxtkev624h50srg6ww83cce1e&__stmp=sgg9ci&__onlt=h	Get hash	malicious	Unknown	Browse	104.18.11.207
	LummaC2.exe	Get hash	malicious	LummaC	Browse	188.114.97.3
	https://link.edgepilot.com/s/58f2f2eb/x4Qvr3PeoEWaCYfnNgIJ1g?u=https://onmicrosoft.highachieverssam.org/404	Get hash	malicious	HTMLPhisher	Browse	172.64.153.29
	DO70976789089.bat.exe	Get hash	malicious	PureLog Stealer, Snake Keylogger	Browse	188.114.96.3
	https://www.canva.com/design/DAGKqBoB-pk/5yZY6xv4Mi45lnpws5bCrQ/edit?utm_content=DAGKqBoB-pk&utm_campaign=designshare&utm_medium=link2&utm_source=sharebutton	Get hash	malicious	Unknown	Browse	172.67.74.152
	http://plnbl.io/review/WX__Ro3YJP2_	Get hash	malicious	HTMLPhisher, Tycoon2FA	Browse	104.22.54.104
	Mott Corporation_SKM_C590368369060_417161.pdf.pdf	Get hash	malicious	HTMLPhisher	Browse	104.17.2.184
	https://sites.google.com/view/thewassociatespe-lspllc/home	Get hash	malicious	HTMLPhisher	Browse	104.17.2.184
	https://8pingstate.sbs/y289	Get hash	malicious	Unknown	Browse	104.17.2.184
	https://www.evernote.com/shard/s552/sh/d87c15a9-f5fc-dbbf-e870-00a99882fe99/Bu1HrA086twuEcRU5pyqlAC6c1YNBJWK_suwXIxI6ybw-NGqVUWWtfJo1w	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14
CLOUDFLARENETUS	http://track.fsome.us/?xtl=1viwu5za3qfkgb4bktigd6w9r2aiqj8ubi9x5aevx7vsdxmw96lm51d09tvturwitx5wwhlphpachqeuw68ny1p2uhpiqa5szmrev8&eih=pq9mx5ijy0kxtkev624h50srg6ww83cce1e&__stmp=sgg9ci&__onlt=h	Get hash	malicious	Unknown	Browse	104.18.11.207
	LummaC2.exe	Get hash	malicious	LummaC	Browse	188.114.97.3
	https://link.edgepilot.com/s/58f2f2eb/x4Qvr3PeoEWaCYfnNgIJ1g?u=https://onmicrosoft.highachieverssam.org/404	Get hash	malicious	HTMLPhisher	Browse	172.64.153.29
	DO70976789089.bat.exe	Get hash	malicious	PureLog Stealer, Snake Keylogger	Browse	188.114.96.3
	https://www.canva.com/design/DAGKqBoB-pk/5yZY6xv4Mi45lnpws5bCrQ/edit?utm_content=DAGKqBoB-pk&utm_campaign=designshare&utm_medium=link2&utm_source=sharebutton	Get hash	malicious	Unknown	Browse	172.67.74.152
	http://plnbl.io/review/WX__Ro3YJP2_	Get hash	malicious	HTMLPhisher, Tycoon2FA	Browse	104.22.54.104
	Mott Corporation_SKM_C590368369060_417161.pdf.pdf	Get hash	malicious	HTMLPhisher	Browse	104.17.2.184
	https://sites.google.com/view/thewassociatespe-lspllc/home	Get hash	malicious	HTMLPhisher	Browse	104.17.2.184
	https://8pingstate.sbs/y289	Get hash	malicious	Unknown	Browse	104.17.2.184
	https://www.evernote.com/shard/s552/sh/d87c15a9-f5fc-dbbf-e870-00a99882fe99/Bu1HrA086twuEcRU5pyqlAC6c1YNBJWK_suwXIxI6ybw-NGqVUWWtfJo1w	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
28a2c9bd18a11de089ef85a160da29e4	http://track.fsome.us/?xtl=1viwu5za3qfkgb4bktigd6w9r2aiqj8ubi9x5aevx7vsdxmw96lm51d09tvturwitx5wwhlphpachqeuw68ny1p2uhpiqa5szmrev8&eih=pq9mx5ijy0kxtkev624h50srg6ww83cce1e&__stmp=sgg9ci&__onlt=h	Get hash	malicious	Unknown	Browse	184.28.90.27 40.68.123.157 173.222.162.32
	https://link.edgepilot.com/s/58f2f2eb/x4Qvr3PeoEWaCYfnNgIJ1g?u=https://onmicrosoft.highachieverssam.org/404	Get hash	malicious	HTMLPhisher	Browse	184.28.90.27 40.68.123.157 173.222.162.32
	https://www.canva.com/design/DAGKqBoB-pk/5yZY6xv4Mi45lnpws5bCrQ/edit?utm_content=DAGKqBoB-pk&utm_campaign=designshare&utm_medium=link2&utm_source=sharebutton	Get hash	malicious	Unknown	Browse	184.28.90.27 40.68.123.157 173.222.162.32
	https://sites.google.com/view/thewassociatespe-lspllc/home	Get hash	malicious	HTMLPhisher	Browse	184.28.90.27 40.68.123.157 173.222.162.32
	https://8pingstate.sbs/y289	Get hash	malicious	Unknown	Browse	184.28.90.27 40.68.123.157 173.222.162.32
	https://www.evernote.com/shard/s552/sh/d87c15a9-f5fc-dbbf-e870-00a99882fe99/Bu1HrA086twuEcRU5pyqlAC6c1YNBJWK_suwXIxI6ybw-NGqVUWWtfJo1w	Get hash	malicious	HTMLPhisher	Browse	184.28.90.27 40.68.123.157 173.222.162.32
	https://linkpages.pro/jK3ZRv	Get hash	malicious	HTMLPhisher	Browse	184.28.90.27 40.68.123.157 173.222.162.32
	http://jobstorestaffing.com	Get hash	malicious	Unknown	Browse	184.28.90.27 40.68.123.157 173.222.162.32
	Level Four Wealth Management_SKM_C590368369060_417161.pdf.pdf	Get hash	malicious	HTMLPhisher	Browse	184.28.90.27 40.68.123.157 173.222.162.32
	Bill Epifanio Shared a Folder with you.pdf	Get hash	malicious	Unknown	Browse	184.28.90.27 40.68.123.157 173.222.162.32
54328bd36c14bd82ddaa0c04b25ed9ad	DO70976789089.bat.exe	Get hash	malicious	PureLog Stealer, Snake Keylogger	Browse	104.16.148.130 104.16.212.94
	P.O.exe	Get hash	malicious	Snake Keylogger	Browse	104.16.148.130 104.16.212.94
	0001244.pdf.exe	Get hash	malicious	PureLog Stealer, Snake Keylogger, VIP Keylogger	Browse	104.16.148.130 104.16.212.94
	MT_056013785200.exe	Get hash	malicious	Snake Keylogger	Browse	104.16.148.130 104.16.212.94
	rSWIFT.exe	Get hash	malicious	GuLoader, Snake Keylogger	Browse	104.16.148.130 104.16.212.94
	Order_YK240612-01D(estimate).scr.exe	Get hash	malicious	Remcos	Browse	104.16.148.130 104.16.212.94
	SI HE Voy - TC Relet 11.docx.scr.exe	Get hash	malicious	AgentTesla	Browse	104.16.148.130 104.16.212.94
	RFQ_92889128.pif.exe	Get hash	malicious	Snake Keylogger	Browse	104.16.148.130 104.16.212.94
	rC1JYAnNNn.exe	Get hash	malicious	GuLoader, Snake Keylogger	Browse	104.16.148.130 104.16.212.94
	SecuriteInfo.com.Trojan.AutoIt.1161.27360.18045.exe	Get hash	malicious	VIP Keylogger	Browse	104.16.148.130 104.16.212.94
37f463bf4616ecd445d4a1937da06e19	ucancrosstheflowerbeautiytogetin.gIF.vbs	Get hash	malicious	Remcos	Browse	46.21.150.242
	file.exe	Get hash	malicious	Vidar	Browse	46.21.150.242
	setup.exe	Get hash	malicious	LummaC, Mars Stealer, PureLog Stealer, RedLine, Stealc, Stealerium, Vidar	Browse	46.21.150.242
	vidar0907.exe	Get hash	malicious	LummaC, Vidar	Browse	46.21.150.242
	softorganizer.exe	Get hash	malicious	LummaC, Vidar	Browse	46.21.150.242
	rFV-452747284IN.bat	Get hash	malicious	FormBook, GuLoader	Browse	46.21.150.242
	rSWIFT.exe	Get hash	malicious	GuLoader, Snake Keylogger	Browse	46.21.150.242
	rNuevalistadepedidos.exe	Get hash	malicious	FormBook	Browse	46.21.150.242
	BL1+2 DRAFT.cmd	Get hash	malicious	FormBook, GuLoader	Browse	46.21.150.242
	8376320938367312.exe	Get hash	malicious	GuLoader	Browse	46.21.150.242

Process:	C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2048216
Entropy (8bit):	6.523206686484186
Encrypted:	false
SSDEEP:	24576:j1H4xy4kR3za8sVPggUuBFzmBLSFRBNTvgADqjuOr75S6UMDmc9rO3T4JkQjy:jou9SzDiFr75S65Dbx6T4iX
MD5:	E5D98861DD116EDA1908CF22D466CD45
SHA1:	A689C7B7ED7C0E4346E1BA7FBEE00997F0B70F08
SHA-256:	0CD6431FA27A99E40FEE93B5741A3CED349F56609A9E9A75EF10859AF3DDF674
SHA-512:	6715E64D594401D60AC144DBC799C4F2E0EA99F5DE2FD46DC8BE111BCFFDEE0F27C246961B0561166389EBD7A569F29680AA48B328894F8C9F227E3428DC6FCA
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 2%
Reputation:	low
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L.....2[.....................P....................@.......................... 3......< ..........@............................-..>...p/..............,........-..............................p-.......................-.\|....P-. ....................text............................... ..`.itext..< .......".................. ..`.data...............................@....bss.................\...................idata...>....-..@...\..............@....didata. ....P-.....................@....tls....<....`-..........................rdata.......p-.....................@..@.reloc........-.....................@..B.rsrc........p/.....................@..@............. 3......,..............@..@........................................................

C:\Program Files (x86)\BurnAware Free\BurnAware.exe (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1350360
Entropy (8bit):	6.642861347345999
Encrypted:	false
SSDEEP:	24576:ye08zSJMzUJ5I4VSwq2BdS/7IF3B9G4J+gPOiIsTAA7ZUWkUNmN:lkvS0395J+gPOYTAPamN
MD5:	08E8163EBA464CB7AE6F2B3A0BE3B291
SHA1:	5AC0076EC87BD3D06772CEFCAE11148021121046
SHA-256:	6E185E0ADF5B486AD1076F1C374196BA98651065934A7530D5110891BEEB0C2E
SHA-512:	513846CFF37BC120CDF5F39F2D6966EBB983A6C3EA89B324BF0865A0CF38BF14EBE33B26ACCE95133FAD4C441C660166D049C199002ABAC98086973CFBCA7F50
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L.....2[.................v..........X.............@..........................`.......z...........@..............................Z2... ...@......................8..................................................8................................text....e.......f.................. ..`.itext...............j.............. ..`.data....e.......f...z..............@....bss.....y...............................idata..Z2.......4..................@....didata.............................@....tls....<................................rdata..............................@..@.reloc..8.......,..................@..B.rsrc....@... ...@...F..............@..@.............`......................@..@........................................................

C:\Program Files (x86)\BurnAware Free\BurnImage.exe (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1802456
Entropy (8bit):	6.520785784660294
Encrypted:	false
SSDEEP:	24576:MhUTyZQFMCiQonb6M9+yBKS4pEj3TihQXahcwgwux/Xl6jGyTtKMf:4qiTsSeGahc/wuxfADTtKE
MD5:	9791043AE6ABEBF8179899AADCAA6235
SHA1:	B53C8E37444D1B7D45150261A8DFADFF081148E4
SHA-256:	865D2CF4B136FF4B5EC65E97F1BCA6852567D8F9887021B790332B789B32FF03
SHA-512:	FA9B37F90113410DEDDC68547D07D2E80963C3CD45489D9A24D64D6746E64F1EFC5DCF2E1B09E2B3CAC4F5C07E656B5C10709B4507994ED94A242A7F3AD77B07
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 2%
Reputation:	low
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L.....2[.........................................@..........................P/..................@............................)..8....+..p...........l.......0.T............................ .......................)........ ....................text....f.......h.................. ..`.itext... ......."...l.............. ..`.data....{.......\|..................@....bss.........0...........................idata...8....)..:..................@....didata. ...........D..............@....tls....<...........J...................rdata....... ......J..............@..@.reloc..T....0*......L..............@..B.rsrc....p....+..p..................@..@.............P/......l..............@..@........................................................

C:\Program Files (x86)\BurnAware Free\CopyImage.exe (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1538264
Entropy (8bit):	6.488992484377018
Encrypted:	false
SSDEEP:	24576:NXOpC0NNHAxRVJG0WdKM6BHS2xVDkGcM3qBSsEXmgTm8ELlOR:Njyo5SUu/M3qBSsEFTCLl4
MD5:	3B9CA55AAA6C2F1089F04317A1D0ED5C
SHA1:	D263CC81CDBE420F45B26BB46FBE367E0DBC5AAC
SHA-256:	6615AFC9218EC2AC5A9FC52C3195316BF2C7F3D1F015EEB505082A3541DF5451
SHA-512:	202EF63DE215AB5A9B94B753855276971782F617C8CECA8B92803D0DEAAE53BF222A20C6BD565CC0AB5E5B3515BDD6134F7F76BB2F91CA543504F9CE67FFA809
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 2%
Reputation:	low
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L.....2[.................`...........n.......p....@..........................0.......S...........@...........................`..:5...`...............d..........8....................................................i..,....... ....................text...,N.......P.................. ..`.itext.......`.......T.............. ..`.data...pj...p...l...d..............@....bss....t\|...............................idata..:5...`...6..................@....didata. ...........................@....tls....<................................rdata..............................@..@.reloc..8...........................@..B.rsrc........`......................@..@.............0.......d..............@..@........................................................

C:\Program Files (x86)\BurnAware Free\DataDisc.exe (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2240216
Entropy (8bit):	6.515674271457544
Encrypted:	false
SSDEEP:	24576:9YQlxYiPt1wRr3AJId1qBHSMi2UiHQho+3HxDfzFxPK05M9NyKIbTvhTjQF:+8/5ScHL+3HxDfRxCcTvhTu
MD5:	5BCD29D045C4346F0DC4DC16712608A4
SHA1:	05F58AD366145F9135C583A262C51C558CF48452
SHA-256:	6AE136A1B4ED9E5C1187F466FB304A0A1F42E6E92BD73FBD9C79904D1621E88B
SHA-512:	493718D696513C378139E50ECCF2A69041A37520EAF1F3060E25E6E9C83302FDBA24B3C2744698FEFA8D5D18CBAE6FB8F6B82259A904BCFFFFFC9ACF4400AD4E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 2%
Reputation:	low
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L.....2[.................J..........._.......p....@...........................6......."..........@............................/..;... 2...............".......0.L.............................0......................./......./. ....................text....'.......(.................. ..`.itext... ...@..."...,.............. ..`.data...p....p.......N..............@....bss.....................................idata...;..../..<..................@....didata. ...../.....................@....tls....<...../......$...................rdata........0......$..............@..@.reloc..L.....0......&..............@..B.rsrc........ 2......4..............@..@..............6.......".............@..@........................................................

C:\Program Files (x86)\BurnAware Free\DiscInfo.exe (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1439960
Entropy (8bit):	6.459374732571663
Encrypted:	false
SSDEEP:	24576:g1Y2Zf4AVKcuPVmsmgreaBtSLNomKP5WzSe3yjvTGK/k:af4Ag/SYP5WzSe3OTGK8
MD5:	D636263A0C8B6D3E1E09A3C6F512DD07
SHA1:	9D15830E18D428DBCFB098DB8781BDF8269CD14C
SHA-256:	8E19C44FFB6C9F2990EC70D0C3793AC2DBC0D4D054FC451FC9CD4A39C5F1DF82
SHA-512:	07BA604C7CCA094B512CDF746BC943F3546501C044E3FD2CABFA3B9D92454476306C0AF555342ACF045DA7083F40659CA81E168079353432DFD8112AF6F28BAF
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L.....2[.................~...b......t.............@.................................;d...........@..............................j0...`...T.......................j.....................................................t............................text...$o.......p.................. ..`.itext...............t.............. ..`.data...<h.......j..................@....bss.....{...............................idata..j0.......2..................@....didata.............................@....tls....<............"...................rdata..............."..............@..@.reloc...j.......l...$..............@..B.rsrc....T...`...T..................@..@....................................@..@........................................................

C:\Program Files (x86)\BurnAware Free\Dos622.img (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp
File Type:	DOS/MBR boot sector, code offset 0x3c+2, OEM-ID ")TNQ9IHC" cached by Windows 9M, root entries 224, sectors 2880 (volumes <=32 MB), sectors/FAT 9, sectors/track 18, serial number 0x350518e3, label: "BOOT622 ", FAT (12 bit), followed by FAT
Category:	dropped
Size (bytes):	1474560
Entropy (8bit):	6.99474059909904
Encrypted:	false
SSDEEP:	24576:A1o795/aeZ9NJ6P+TqpVj9jyJYNQKj43FuI97CwiQqddnr5O9aH41SflbEkj3eSa:A1EU+TqpVjOYNnPnrw9arIkjuSgog
MD5:	A4A096CAB6079C2CFA88A8BDE0EAC3AA
SHA1:	14F2A0E33B11F047D16DE56E92567C5FAA6C5668
SHA-256:	1AB300A0A54B8F384CC457424EA0D2F3F46BEF11C0172429C6B207B2EC539E6E
SHA-512:	415F5EE18500D442824546002C8B21FC96EAC883BD5844862767381EF05803440115FBD7ACB569A68862FD89E6C11C6B63465895134020520E2070429FD6BFB7
Malicious:	false
Reputation:	low
Preview:	.<.)TNQ9IHC........@..................)...5BOOT622 FAT12 .3....\|...x.6.7.V.S.>\|........E.....\|.M..G...>\|...ry3.9..\|t....\|.. \|..\|.&.\|...\|...\|...\|....P\|..R\|.I\|..K\|. ..&.\|...\|..H....I\|..K\|......R\|.P\|..r.....r........}.u... ....t...}._.3...^....D...XXX..G.HH...\|2.....I\|..K\|......PRQ.:.r...T.YZXr..........\|....\|..$\|..I\|.K\|...p....t).........;..\|s..6.\|...O\|3..6.\|..%\|.M\|.......M\|.....6O\|....$\|.6%\|.....Non-System disk or disk error..Replace and press any key when ready...IO SYSMSDOS SYS..U.....@..`................. ..@..`................! .#@.%`.'..)..+..-../..1 .3@.5`.7..9..;..=..?..A .C@.E`.G..I..K..M..O..Q..S@.U`.W..Y..[..].._..a .c@.e`.g..i..k..m..o..q .s@.u`.w..y..{..}...... ..@..`................. ..@..`................. ..@..`................. ..@..`................. ..@..`............... ..@..`............... ..@..`............... ..@..`.................!..A..a.................!..A..a................!!.#A.%a.'..)..+..-../.../.3A.5a.7..9..;..=..?..A!.CA.Ea

C:\Program Files (x86)\BurnAware Free\EraseDisc.exe (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1227992
Entropy (8bit):	6.429619289168852
Encrypted:	false
SSDEEP:	24576:Z7xQFeOBnPU4ObAztEBrS5+cJg2g9hB6QCP11/TvtGoh:9DAy9ST29hB6QCP/Tvx
MD5:	2573FA5EA27B5BFC5EE3EE6CFE9A2EB9
SHA1:	96C74694EA78A9F24958C6B54342532C0F031831
SHA-256:	06B8CA60A33AAFF9F35535AC335559CE452CCDCBB79BF8125A7261BCB583D0AE
SHA-512:	FF48BC9DF0D39B24CE13A7FB32A333A5E50229DD9DD854732D6AE2272C75F7953D5CCB89C589A911B735667B9425D84FE30E21C69AE914863BD3C009FE848741
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L.....2[.................x...,....................@..............................................@...............................0...0...N......................4<......................................................t............................text....g.......h.................. ..`.itext...............l.............. ..`.data....f.......h...\|..............@....bss.....{...............................idata...0.......2..................@....didata.............................@....tls....<................................rdata..............................@..@.reloc..4<.......>..................@..B.rsrc....N...0...N...Z..............@..@....................................@..@........................................................

C:\Program Files (x86)\BurnAware Free\MakeISO.exe (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2121432
Entropy (8bit):	6.495534230734781
Encrypted:	false
SSDEEP:	24576:dkaUj1cbQ5aRqDoAEzWoG5zYBbSuEl9ZTvmUBlHwedEIPp3dNmKyiLxNpmwGjh6U:Bqb8lST5+UBlHweGIPpNEdUTQ
MD5:	8586A5A100F5CBA368B0097494AB2F35
SHA1:	9C902450F0DCD458B3FB3B67F5D8621FB28BF094
SHA-256:	72F0505C570B9BAB6E54D92B0A335D40105453EECB3C631FEF2344A867A8EA55
SHA-512:	E4146E7DD9310C9BDC221074E209A0CB42FB759E1858D6FE8C45DAE2501E4B142BBE8413E6579B90F691DBC4B195D79C6064A97E864D12E366613E2B217FCC85
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 2%
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....2[.....................,...............@....@..........................P4....... ..........@...........................p..B;....0..d...........J ..............................................................z.......... ....................text............................... ..`.itext..< .......".................. ..`.data...x....@......................@....bss.....................................idata..B;...p...<..................@....didata. ...........................@....tls....<................................rdata..............................@..@.reloc..............................@..B.rsrc....d....0..d..................@..@.............P4......J .............@..@........................................................

C:\Program Files (x86)\BurnAware Free\MediaDisc.exe (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2164440
Entropy (8bit):	6.517328304440149
Encrypted:	false
SSDEEP:	24576:WtaauPx4fUV+ax/PlxBXwCBNS1xOqeW2STMZQRcl6SIjQlDfxhKrXd6TtAOut:rPafavvSv2STMZQRcn88aATtAOg
MD5:	2AA349075A63AA40B009625C3C36C5C9
SHA1:	E3EC33A7EA6FC78CE096B1F3ED223B57E4961530
SHA-256:	75F9B7BF768D2AD9B52C734F9C8BBA08F7360FCC00CB526DF7A56DFEE0F1759A
SHA-512:	36255BDF234A44145C9A06DA3A1A20BA14567B0DC73CD8EF2D35AEFC33C5FB4887CE30D69F1539DA24BCD1812241F8AED7D15BDB3C4FEE38D8399FB852E3D66C
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 2%
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L.....2[.................j........................@...........................4.......!..........@...............................;...01............... ......0/.............................. /.............................../. ....................text....G.......H.................. ..`.itext... ...`..."...L.............. ..`.data................n..............@....bss.........0...........................idata...;.......<..................@....didata. ...../......<..............@....tls....<...../......B...................rdata....... /......B..............@..@.reloc.......0/......D..............@..B.rsrc........01......@..............@..@..............4....... .............@..@........................................................

C:\Program Files (x86)\BurnAware Free\SpanDisc.exe (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2230488
Entropy (8bit):	6.507196691314208
Encrypted:	false
SSDEEP:	24576:LP7xaFoyifoS3H/OL4NWBPSMOSfaIwwSZ07PDefPmVVDiaBYyYEiiWC/Lh2JjJLD:LMz5ZSVwSZ07PDenMDiaWyO/T3QEJ
MD5:	25620AF6CEB4BCD99655EB2EB5BC6362
SHA1:	D85F9C4B6143FD730724C2A311EC1049C3D695D6
SHA-256:	CD8040B346C6704EC2CC9645702F1535D4D1B9CF6B37DC9B62BEA0AC39019936
SHA-512:	2CA6AC5D2BCED2A54290CAA924B3146FA787480F3776E384DDEEB3E14162902D0CB50961A51D8DF0C2D02A1A702D128CCB12BF373FE08A10A66A04B01E3BE304
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 2%
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....2[.................@..........$O.......`....@...........................5......."..........@............................/..;....2...............!.......0.............................../....................../......./. ....................text...$........................... ..`.itext... ...0..."...".............. ..`.data...\....`.......D..............@....bss.... ................................idata...;..../..<..................@....didata. ...../.....................@....tls....<...../..........................rdata......../.....................@..@.reloc........0.....................@..B.rsrc.........2......(..............@..@..............5.......!.............@..@........................................................

C:\Program Files (x86)\BurnAware Free\UnpackISO.exe (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1724632
Entropy (8bit):	6.500646018433855
Encrypted:	false
SSDEEP:	24576:N2v7p4I5zw3eOqw0ujdMLjwEBFSJlnhFS0KUjnaaeXcXgECGexDpwT5Lxg5bZ:NgyES6FXS3h1tnadXcXi9aT5L2X
MD5:	4348EB48837517BCD6D3C1F62AA87896
SHA1:	6D9F6CF08237F06FCCEC6BF81E5941A3681B9CE1
SHA-256:	2CA2D2B3D68D9D5FE71A927A051B355158A3C9FAC3BB0810472B06F796639825
SHA-512:	64B429798C4B93532F966652B74D76A34ABDB90B3F5B087220815A28301E5B9D02684713ED9FA3D2244FC5A0B6D72D8A050317D1089C0C74DE84E26B97D43DC2
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 2%
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....2[.....................x....................@..............................................@............................(..8..................<.......P).p............................@).......................(...... ). ....................text.............................. ..`.itext........... .................. ..`.data...H{.......\|..................@....bss.........P.......@...................idata...8....(..:...@..............@....didata. .... )......z..............@....tls....<....0)..........................rdata.......@).....................@..@.reloc..p....P).....................@..B.rsrc............... ..............@..@.....................<..............@..@........................................................

C:\Program Files (x86)\BurnAware Free\VerifyDisc.exe (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1550040
Entropy (8bit):	6.460281125947317
Encrypted:	false
SSDEEP:	24576:vNanyO0LRZBCH6wYtQ61QkDBrSeTchSRpevKM5qC5gT+VCBpwW:vrbZXNStsevKM5pyTtBp5
MD5:	35C1484D5AB51E9127FFF29F1EC5E8BF
SHA1:	642B15CAC9E614564BEF6EC1554D271490C9DC4B
SHA-256:	223B5A52DB60618BE714B319C0F000E040B48E1BE6ACB9DFEDFD674844F744FC
SHA-512:	4D62E252A0321312FF980B7FEEDE6FBBE2B5543FBA4DEBED19D1E709847811BABC4EB4731F74B37BAE0F266EE4A8054E0ACEEE71A829CDFA5D6C54D8E7AB85E9
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....2[..........................................@...........................+..................@............................&.\5....(......................P'..{...........................@'.......................&.,.... '......................text...X........................... ..`.itext........... .................. ..`.data...@y.......z..................@....bss.........P.......4...................idata..\5....&..6...4..............@....didata...... '......j..............@....tls....<....0'......n...................rdata.......@'......n..............@..@.reloc...{...P'..\|...p..............@..B.rsrc.........(.....................@..@..............+.....................@..@........................................................

C:\Program Files (x86)\BurnAware Free\badecx.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	578776
Entropy (8bit):	6.655075918317694
Encrypted:	false
SSDEEP:	12288:LAlJu8NZLfIzUipVPgJ0//B9wEi9vKpzp2ZVNF5BBceV8z5U:LADuS1ywJgCl9yppoVD5BBceV8z5U
MD5:	3F8FF7F25E3834DB92B0DE00621FD437
SHA1:	C0A94BC6C371ADCC8AB490A6A90CEF99117A6562
SHA-256:	CAB385455ACA791F41E01FEEC3B9DE61D2F0449E1018A075AF22219ED5D201B5
SHA-512:	454D6463EDE1AB92C152AF1CD68DB55A14BFFCC2E2470ABEF0B5A360D42D7F8B6A2162E2AD6C06DDA4D29E4258CC237B2C7632CA6B179070B0B5E8F6DD842BC5
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 2%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m M0)A#c)A#c)A#ctc(c(A#c.]-c2A#ctc)cJA#c)A"c`A#cK^0c,A#cvc(c.A#c.a'c(A#cRich)A#c........PE..L...l..9...........!........................ .......................................E...............................(..........<...................................................................................(................................text...z........................... ..`.rdata../.... ....... ..............@..@.data........0...P...0..............@....idata.."...........................@....reloc...*.......0..................@..B................................................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\BurnAware Free\bamainlib.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	3017432
Entropy (8bit):	6.571487341115199
Encrypted:	false
SSDEEP:	49152:i9TAxIGE68oFvXexWTBQH8HHGGdnFBZHbtNsvL70VlSQhGFCbHDauRAXHWB/JABk:mTAxHKaQHyHGGdnF7BNsD70VlSQhGMXB
MD5:	E0B2CF5ED07CFFC970C50EAAB3451043
SHA1:	30A7480E8FAA8A7494F7163CD95CA0D6FE7D8D3A
SHA-256:	1B0F5A28F4CDC6BEF0808239DA4B7138B16166A3574276F619BA5169FF09D351
SHA-512:	5F91E45D2BF717ED720F4D91955EE65B82EF265725F3B8F08E01398636B542AA81A5EADBB631D3FBD2EB2A2C84310A0DA6DC2BBF5B316F7973C5C6D34B24846A
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........l....................S........b........]............................b..0....b.......b.......b.......b......Rich....................PE..L....GjX...........!...... .........[.........!...............................>.....M.....@......................... =(.....8.(.\|.....9.VZ............-.......;.8.....................................$.@.............!.x............................text..... ....... ................. ..`.rdata...Q....!..R.... .............@..@.data...h9...`(......<(.............@....rsrc...VZ....9..\....(.............@..@.reloc.......;......R*.............@..B................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\BurnAware Free\bamedenclib.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2710232
Entropy (8bit):	4.449689803792709
Encrypted:	false
SSDEEP:	24576:NL50dQ1nZACUQtQ20BJ3KaUjZG44v7JyvVasNerG747HlhNh:NL5+IAbwQ2UKtIVzkv4s8rGGFhNh
MD5:	D858A70BFD136126C43755BADFFF7C80
SHA1:	EA1C9003429396AE211526E6E650A0F5B2E54856
SHA-256:	A6DC15E8104C7E246FD63E57BEBEB4645E2FB034743DE1E9F0EB23CA4FF5036B
SHA-512:	D005F3A39FF973912AA452459CDE1E3A03AC8CF63721734D0E73163D7897500CBBD165803138E36E4915A482DEF7F08D34E08CF440ADC24B5F6DC0FAC7726518
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 4%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.............j..j..j......j.)...j.)...j.....j..k...j.)..X.j.)...j.)...j.)...j.Rich..j.................PE..L.....[O...........!................%q........................................*.......)...@..........................G'.X...$='.P.....)..............F).......).......................................&.@............................................text...^........................... ..`.rdata...\|.......~..................@..@.data....8...P'......6'.............@....rsrc.........).......(.............@..@.reloc..R.....)......0(.............@..B........................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\BurnAware Free\baplayer.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1004760
Entropy (8bit):	6.827276750755658
Encrypted:	false
SSDEEP:	24576:Rck4lJqowqlZbVFfSWLfipEJWzzauTlG7WpiH3Y92:R3sVFfnLficWSuhGKpiH3Y92
MD5:	AF55D432BA090E333B4115B20A0684F9
SHA1:	D1B0D9060B7F30FC2AB3EF5297A8341698BB638B
SHA-256:	31E54D819597B90FA668141204A5862D4669D696232C2D709094A4972EBBD8F5
SHA-512:	B100B43EA1C94F82C7B907F1458E5598C5408BE7FC1A599B718B0FE43E5E7B27D913B5E128EDC68AA41E5DE1A83DD48B0DF579D0B5F2337172C4207E4224541E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........Zy..Zy..Zy.....^y..}...fy..Zy..Yy..}...Wy..Y..Xy..}...px..Zy...y..v..Qy..}....y..}...[y..}...[y..}...[y..RichZy..........PE..L...p..K...........!.........P.........................................................................................Q............................@..........0\|...................................1..@...............\|............................text............................... ..`.rdata..!...........................@..@.data...............................@....rsrc...............................@..@.reloc.............................@..B........................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\BurnAware Free\bashell32.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1337048
Entropy (8bit):	6.551634819186885
Encrypted:	false
SSDEEP:	24576:mdw4IDLMqHhkKfg18tEBhw6PBQSY4irrCi1ocBoM3Icij77M:mdwttBx6PSSY4iboMfijPM
MD5:	C28B8514752068017D0549D512A92995
SHA1:	BFFE081E502DBF1EFEF5F4427FDCAB0C15F76583
SHA-256:	5ADD3A389504588123F7FEC33D5F5615D13D5AFBF682B25E04A20DBC5F81C63A
SHA-512:	68F8475161F25ED41B8EC72F233B6DDA7C95752662AB6C8BD2A12694574741C1390E058F8D470ECFE21D3164083475FDF09651D7C165D428224472659864AAE6
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 2%
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....8.Z............................d.............@..........................................................................p...5...p...............R..............................................................y..L............................text............................... ..`.itext..\|........................... ..`.data...L:.......<..................@....bss....0T...............................idata...5...p...6..................@....didata..............0..............@....edata...............8..............@..@.reloc..............:..............@..B.rsrc........p......................@..@.....................R..............@..@................................................................................................

C:\Program Files (x86)\BurnAware Free\bashell64.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	2128600
Entropy (8bit):	5.92597532283096
Encrypted:	false
SSDEEP:	12288:d1GA4AOyb8SyFXjZKJ4Sb9bnNBNSKyXSYt/R+Mt9tAFp51kSgdExIXVyk00y/Zml:dQFAZNBNSKyXSYt/R+CAzjkSPmV4+H
MD5:	CD32BE24426955B5141204FA035CA6B3
SHA1:	6AEB4836B01ED01DA3CAB689A3B8E108FE411C9A
SHA-256:	E5D7E21FA3ED144228D7500C5C3E41EB8F2AAFB581741854092BF3F2BAE1F937
SHA-512:	90884D1EE59007616B3B8783E212F61474318342B2831FA40A0400A6BD8D14846E1224CFFC285BB43ACF177EE81D544A034BBB989D2F624FED7A63C2BCFC3004
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 3%
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..d....8.Z.........." ................ .........@..............................P!.......!.............................. ..........................LF.... ......`..0Y...f ..........G..................................................@................................text............................... ..`.data...P,..........................@....bss.....................................idata..LF.......H..................@....didata..............2..............@....edata...............>..............@..@.reloc...G.......H...@..............@..B.pdata..0Y...`...Z..................@..@.rsrc......... .....................@..@.............P!......f .............@..@................................................................................

C:\Program Files (x86)\BurnAware Free\bass.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	124060
Entropy (8bit):	7.95689673801651
Encrypted:	false
SSDEEP:	3072:h4Ht0B1105GzXyO6vvasTeprZKYQ+U1YUjJ09d:qs11IdPvCUef519d
MD5:	68523838F432A39A764B5FD4E4DD14CF
SHA1:	46F09323FECCFEFA3AA1D5940D9BF09A2A14351F
SHA-256:	EFB350839CBE0074F799A28EC76513C32E2CB1ADC85CEBA527859EC36B1B5FB5
SHA-512:	468C3AF4BC3154882217676E9EE9EB29C623F0DC4BE951175D6D93281A9449616803499D7B19A26D0C0E6F18C976D7BE32FFD4C7A50AFE0D6D72E6ADB60E383C
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 3%
Preview:	MZ......................@...................................D.... ..PE..L....WFZ...........!.................@.......................................P............@..........................B.......A..........@...................0.......................................................<B..H...............................................................@..@.rsrc...............................@..@......... ... .........................@petite.......@......................`..`....................................]......Y....z\|y.....GqOn=..2Z.". ..hV..caQ...N.N.VQ..w.O5.Q..pH.=@.`....H...xi..De 06j..Z.?).n\|.`68..8:.0..EI.X..v0.!P...t.@....Z.q5.....d(..~.&...%..&.sFl.A....H.1...g+........_B..."...SOZVLSGRCWJ.o..^F[C............1.f.......t(."0?.9W....2...P....:2...F..O...a&.J.7L,...4.../.1.....c<.Q...2.x0&..618F...Q.QPu.%...:q..........a...1m=.0..D..\./.!............B...Z....!..Q%....#...n.`..1...C(Rd...z..7....3....8;wI1.b.....,]..O..zo.QKl/.6...Y1TY....w.....(.K.N..m3.......,K

C:\Program Files (x86)\BurnAware Free\bassenc.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	19396
Entropy (8bit):	7.541174332849443
Encrypted:	false
SSDEEP:	384:KobrFPWMgug1kD3uxnqtpJUBGWFXO1H6OGZ9k0yKfg5io/s2R9SzK0r8pD2:KovFPW7Gyp0JsXOYOGZ9k0XfgC
MD5:	74B6071109D2FA2B27B75BD3CC100BBB
SHA1:	0038A6A686EEB5BD082A4FB32413A48D4D0F1AFF
SHA-256:	8A3391210D0CDEBB06B0292D0DF9CEC3A2BBCBCA0B99979B65143B0568F04106
SHA-512:	CCEA98DA1F00A8AC159703AE13F92748DB2D323B94E91B361D6D136515D0C715D394FAAE5A52664F96F1452D4B5F820EB1B4773A37F0D82C094DAAECA1ED8E17
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 2%
Preview:	MZ......................@...................................D.... ..PE..L....v.V...........!.........D...............p............................................@.............................................@....................N......................................................"...H............................................@..................@..@.rsrc................B..............@..@.......................................@petite...............F..............`..`..........................................>m@.SE3..f..H4\....5b.31bo.. ..w.#&-..h.....D@....QfS......S.<..m.g..T&\|h.@.J..._.(.)..D.....=#.H.0..J.F......I.Mg......B...f...k.V..........B.~.C..\|..."p./...?.[..k.o[/R..2...:Z?N...8.Z..^....."........ .h..8LQ.e..T1[.eX...'(.D..!R..o....J....+..P..9..PDC..... RZ..Q....:...J0.e:c..@.iW...2..<.&{.5....zZ..?.D.${..:...:\L.....v.s12..{..ezU[...4a..l....#p../?m.;...\|8+@Myo3...f)....z....J7..slp...5.....d...f2.i.....G.......A.+"g......z&,..=3.39j../..,h.Z...[.F..

C:\Program Files (x86)\BurnAware Free\bassflac.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	24844
Entropy (8bit):	7.754417060273362
Encrypted:	false
SSDEEP:	768:q4r9klplrstQxDCPbUJT/tYunwvPwHP9MeO528W:q4usiv/tYCwvPUPt8W
MD5:	3CA82F8E39DE39A50C13474905EF2D65
SHA1:	57694C057C49532632113EA5E0A14C1B9023E0EA
SHA-256:	03507E3FB3B2DFDA8A79FBD4A745B1D401CDE8C9F939FEFD48678C42F211DCDB
SHA-512:	0196D3CB83F04CFA93EA0E80EF8DAB28FE7EC89E3E4D6552929B8ED8B59FA76B8E571066BAAA02665D3B45BF54E7F15B2C025AF4D313E0BCA4CD52DC3A9990C1
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 3%
Preview:	MZ......................@...................................D.... ..PE..L....9.Y...........!.........\............................................................@.........................P...........d.......@...................<g..........................................................8............................................X..................@..@.rsrc................Z..............@..@.......................................@petite...............^..............`..`...................................... ...F..O.L$+^..N\.m.:.5...../...?.@....<.6.u ..%.l+.c."..l.9...7R9R........&.i.......h9...`."..o...0.....i....Y.....2..F.J...I..XP,.+.l..qP.~X.g\|.D.%f..@.Pu._.s...pW'Tc.....1hP.\.L.E...63.2..4L...g..PY9.\|.&\|...P..-X..YA...,.....5...h.j..;..B..v.$2.%....2.W.....e...i..e.2..\..R...B.......>.x.i..<.:..$I.....>..I.....BK)..k.h..JQr\|\|...%m.;.a..9.P!.\|Y`.#.jyy.b.=..>1d...M.HM..C.\T.T.0.....jp............}...U..(n;0.j.....]8....2...QD....H1"....w...=w.p..8.....U

C:\Program Files (x86)\BurnAware Free\basswma.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	17733
Entropy (8bit):	7.598626308964297
Encrypted:	false
SSDEEP:	384:OPR8697gJWJ/IAzOvfHNfd+E5hHkCwp0jcGDv6K0Ww:2Po2IA+fNfcEfHkCwqjcUlw
MD5:	D2177355BECCFDBC1E7B5C687DFBA290
SHA1:	0557F3883AA8EABEFA6A110A08CF549117FD1901
SHA-256:	A844247B7CDCAC1A5F61C604E4DB111B274616C0EB19A70CDFB073C8C2F3B375
SHA-512:	7E5CE3047E4661969A3827B225F1B88F80BFEA221549E37B406DA52D1C51F60667340BB1A074F96A516D185979AB5E298FAB76BF5789CE7EE34B399FD2BDFA3C
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 3%
Preview:	MZ......................@...................................D.... ..PE..L....N.W...........!....E....>...............`............................................@.....................................x.......@...................lI..........................................................@....................................p.......:..................@..@.rsrc................<..............@..@.......................................@petite..E.......E....@..............`..`.......................................`.......`...>..z...........E2.dzo..[..^..7..m..&.@...6.@...5...d`o.O.:IPx.......... !......"H(-_.L.......X....P.j.........J..7l.I3j.)...u's...3y.t...!W..[....1...Z1......5....C~t@`n...L..x.....5.H9.R\..c...r..1.C....(....9..S..-c....@.3..."gZ..d..j}...@lv.e!;.R].....$\|e\|`...%.P..IV...x.4D...h.!.>.kg.i.......... .DAC...mfz.W!K.P.k...p...h..9}..ze...2....a..g..[y....P@.=........?.I..G.......qO...qo......m....Q....L.O....h.~4..95.".y..m4u...cBUH...y.S$i.8q

C:\Program Files (x86)\BurnAware Free\bawmalib.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	300248
Entropy (8bit):	6.398876873804225
Encrypted:	false
SSDEEP:	6144:KeiRTXptFP/h16je0F0T99C1FfEObNOiuG9mAO4iBd:fiR9/nIe0CTvC1Fx2Fd
MD5:	255F8B5BA8FCED381089981B95C6AB61
SHA1:	D20CEEC8693362C6651EDD55823B3675A8AC0AA3
SHA-256:	92B98D076993159D70B36C129B4508815A9C4E34532669F2B4F95D589FCC6BF6
SHA-512:	430E218EC8EF80A70CDF258A3A51D2EC77A5A59433C3D8476E3B9EE3023EDC59602214106330F5C65FEB5575420A2CEA8A8ABDCDED43DD8102670730F7210CF3
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..................................u.......u.G.................;....u.....u......u......u.....Rich...........................PE..L....q.J...........!.........p......,......................................................................................L........`.......................p..\..................................x...@............................................text...>........................... ..`.rdata..............................@..@.data...d........@..................@....rsrc........`......................@..@.reloc..dY...p...`... ..............@..B................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\BurnAware Free\burnaware.chm (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp
File Type:	MS Windows HtmlHelp Data
Category:	dropped
Size (bytes):	102640
Entropy (8bit):	7.810597006099471
Encrypted:	false
SSDEEP:	3072:gIvgrB9Fg4mqOXEBL6sZqRF7kB+F/Uq+2:gIyg4mSu6sFIB+Fsg
MD5:	C2D09407D88D80FEEE01A5BA49158EEF
SHA1:	E7B66B693EECB22232159A502F3E51C0F4D7280B
SHA-256:	1D101980FBB738DB9BA98901B3A46CB9FECDF174BD0981262B78F97AD9736CD4
SHA-512:	24E1AF4770EA46E8140FB0A1AB9F094E54454948B30BB2B9CACA9159E658BD827908BA4A073C3187177F7EABFC032665B27566221644D5E94A9DBA37621A4341
Malicious:	false
Preview:	ITSF....`.........V........\|.{.......".....\|.{......."..`...............x.......T......................................ITSP....T...........................................j..].!......."..T...............PMGL^................/..../#IDXHDR...\|.../#ITBITS..../#STRINGS......./#SYSTEM....<./#TOPICS...\|.@./#URLSTR...l.../#URLTBL...<.0./#WINDOWS...$.L./$FIftiMain...x..../$OBJINST...9.?./$WWAssociativeLinks/..../$WWAssociativeLinks/BTree...t.L./$WWAssociativeLinks/Data...@.G./$WWAssociativeLinks/Map....../$WWAssociativeLinks/Property.... ./$WWKeywordLinks/..../$WWKeywordLinks/Property...p../audio_cd.htm..4.../audio_grabber.htm..F.s./blu-ray_disc.htm...9.l./boot.htm...%.8./boot_disc.htm...].9./btn_home_h.gif.....d./btn_home_n.gif...d.X./btn_next_d.gif...<.../btn_next_h.gif...F.../btn_next_n.gif...S.5./btn_prev_d.gif.....g./btn_prev_h.gif...o.b./btn_prev_n.gif...Q.../burn.htm.....P./burn_image.htm...f.g./burnaware.hhc...B.4./burnaware_popup_html.js..../button_closedbook.gif...k.u./button_openbo

C:\Program Files (x86)\BurnAware Free\is-0KLJU.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp
File Type:	MS Windows icon resource - 6 icons, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel, 64x64, 32 bits/pixel
Category:	dropped
Size (bytes):	40426
Entropy (8bit):	3.8853121111300246
Encrypted:	false
SSDEEP:	384:/0xZ9ubhnD2LXMyQwNHnudJv31xtplGsUsgL:/8AxD2LXMyZsJv+L
MD5:	BDB8D4677CEA3AAB8A33C99BBA4A4D0A
SHA1:	3DCE6ABBC37FD5DE1894430D8976C1F2CE206415
SHA-256:	9D9BACE04F18D8E22D492DF129C3E8B762BFB35C42DDF4FB775E7D8E42AAFF3D
SHA-512:	CDC05588C1E3666FD6ACF835327F028808A7FC0120DC720255E9E8FF7109283307C4EDF89FDE26906A20F13C02CDAA11EA8C90B205A028AA2CF56416C72B1F0D
Malicious:	false
Preview:	............ .....f...@@.... .(B......00.... ..%...Y.. .... .....R......... ............... .h........PNG........IHDR.............\r.f....pHYs..........o.d....IDATx...}pT....I...4...."+.5.8.....@UL.d3.H.V,..n;s..2.s....v...v.Z.o..R.,.S.\V.D..1...$@.iR.."..c.HB....M..gf.!...?$..<.y......\|.......IY.%........J..MU.\.W.x..u.....t......."...(u............]...........2zNU...Bv...D......S.........5...7?E0....%.]..Og.r.!N..{.i$......L..6s.. .. ...hii...2.C.=....Dv.>..8:.H..C......l.. ....4c...@.knn...D.2.,.. .......iii"....b..#...r.J......i.a..HMM.i.......5}.t.~.....0..q3f........_G...........,_..!`3..%...,].T.9C....J....[D.3......SSS.........0.().7........qb.P.?.>...Z....80.(.]w.uX.`.hs..A..Jz7.p....D.3..`...x.b.;W.9C@......&.=[.9C@.....n..555....:..4..\|....+E.3.40.h.III..e.PUU%..C ....I)))..w.../.\t...(..4f.....n..^*..C`....i...X.b......M..C0.h.KMM..w...r.M..Q............2.M..`..8.....+W....D..`......U.V...Xt..C..@.Nzz:...QPP ...!...q)++..W...^(...!..

C:\Program Files (x86)\BurnAware Free\is-1CK0H.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1004760
Entropy (8bit):	6.827276750755658
Encrypted:	false
SSDEEP:	24576:Rck4lJqowqlZbVFfSWLfipEJWzzauTlG7WpiH3Y92:R3sVFfnLficWSuhGKpiH3Y92
MD5:	AF55D432BA090E333B4115B20A0684F9
SHA1:	D1B0D9060B7F30FC2AB3EF5297A8341698BB638B
SHA-256:	31E54D819597B90FA668141204A5862D4669D696232C2D709094A4972EBBD8F5
SHA-512:	B100B43EA1C94F82C7B907F1458E5598C5408BE7FC1A599B718B0FE43E5E7B27D913B5E128EDC68AA41E5DE1A83DD48B0DF579D0B5F2337172C4207E4224541E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........Zy..Zy..Zy.....^y..}...fy..Zy..Yy..}...Wy..Y..Xy..}...px..Zy...y..v..Qy..}....y..}...[y..}...[y..}...[y..RichZy..........PE..L...p..K...........!.........P.........................................................................................Q............................@..........0\|...................................1..@...............\|............................text............................... ..`.rdata..!...........................@..@.data...............................@....rsrc...............................@..@.reloc.............................@..B........................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\BurnAware Free\is-1NOV0.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1439960
Entropy (8bit):	6.459374732571663
Encrypted:	false
SSDEEP:	24576:g1Y2Zf4AVKcuPVmsmgreaBtSLNomKP5WzSe3yjvTGK/k:af4Ag/SYP5WzSe3OTGK8
MD5:	D636263A0C8B6D3E1E09A3C6F512DD07
SHA1:	9D15830E18D428DBCFB098DB8781BDF8269CD14C
SHA-256:	8E19C44FFB6C9F2990EC70D0C3793AC2DBC0D4D054FC451FC9CD4A39C5F1DF82
SHA-512:	07BA604C7CCA094B512CDF746BC943F3546501C044E3FD2CABFA3B9D92454476306C0AF555342ACF045DA7083F40659CA81E168079353432DFD8112AF6F28BAF
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L.....2[.................~...b......t.............@.................................;d...........@..............................j0...`...T.......................j.....................................................t............................text...$o.......p.................. ..`.itext...............t.............. ..`.data...<h.......j..................@....bss.....{...............................idata..j0.......2..................@....didata.............................@....tls....<............"...................rdata..............."..............@..@.reloc...j.......l...$..............@..B.rsrc....T...`...T..................@..@....................................@..@........................................................

C:\Program Files (x86)\BurnAware Free\is-5KE08.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1227992
Entropy (8bit):	6.429619289168852
Encrypted:	false
SSDEEP:	24576:Z7xQFeOBnPU4ObAztEBrS5+cJg2g9hB6QCP11/TvtGoh:9DAy9ST29hB6QCP/Tvx
MD5:	2573FA5EA27B5BFC5EE3EE6CFE9A2EB9
SHA1:	96C74694EA78A9F24958C6B54342532C0F031831
SHA-256:	06B8CA60A33AAFF9F35535AC335559CE452CCDCBB79BF8125A7261BCB583D0AE
SHA-512:	FF48BC9DF0D39B24CE13A7FB32A333A5E50229DD9DD854732D6AE2272C75F7953D5CCB89C589A911B735667B9425D84FE30E21C69AE914863BD3C009FE848741
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L.....2[.................x...,....................@..............................................@...............................0...0...N......................4<......................................................t............................text....g.......h.................. ..`.itext...............l.............. ..`.data....f.......h...\|..............@....bss.....{...............................idata...0.......2..................@....didata.............................@....tls....<................................rdata..............................@..@.reloc..4<.......>..................@..B.rsrc....N...0...N...Z..............@..@....................................@..@........................................................

C:\Program Files (x86)\BurnAware Free\is-6A35E.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1278181
Entropy (8bit):	6.457767718219793
Encrypted:	false
SSDEEP:	24576:EnbbPImgK4brDi4IxgRqzwqNb+Yz73P2EMZbG0JEt7Afjqx9z1:SHeKh4nqzF3PYdStuWz
MD5:	E2E897166C54B6EE47F0167221C28BD6
SHA1:	973EE8DEB14DBF2B52B8218FC82027BE186F1982
SHA-256:	C9B0BAD8C38604734F0ACAED5C6AA1A3142667E9E17D65838D964169C69C48EE
SHA-512:	EC0B6499C160090CAF95A1E377413DB51E7EDE6D8EB4302C5661558F56288A83AADF24FD0547538C001199A991ABB346520ADB0AFA1D2C861C492C9CA47D2348
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 4%
Preview:	MZP.....................@.......................InUn....................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L...Rm"[.............................%.......0....@.......................................@......@..............................@8...@.......................................................0.......................................................text............................... ..`.itext.............................. ..`.data....0...0...2..................@....bss.....a...p.......L...................idata..@8.......:...L..............@....tls....<.... ...........................rdata.......0......................@..@.rsrc........@......................@..@....................................@..@........................................................................................................................................

C:\Program Files (x86)\BurnAware Free\is-6F2GL.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp
File Type:	DOS/MBR boot sector, code offset 0x3c+2, OEM-ID ")TNQ9IHC" cached by Windows 9M, root entries 224, sectors 2880 (volumes <=32 MB), sectors/FAT 9, sectors/track 18, serial number 0x350518e3, label: "BOOT622 ", FAT (12 bit), followed by FAT
Category:	dropped
Size (bytes):	1474560
Entropy (8bit):	6.99474059909904
Encrypted:	false
SSDEEP:	24576:A1o795/aeZ9NJ6P+TqpVj9jyJYNQKj43FuI97CwiQqddnr5O9aH41SflbEkj3eSa:A1EU+TqpVjOYNnPnrw9arIkjuSgog
MD5:	A4A096CAB6079C2CFA88A8BDE0EAC3AA
SHA1:	14F2A0E33B11F047D16DE56E92567C5FAA6C5668
SHA-256:	1AB300A0A54B8F384CC457424EA0D2F3F46BEF11C0172429C6B207B2EC539E6E
SHA-512:	415F5EE18500D442824546002C8B21FC96EAC883BD5844862767381EF05803440115FBD7ACB569A68862FD89E6C11C6B63465895134020520E2070429FD6BFB7
Malicious:	false
Preview:	.<.)TNQ9IHC........@..................)...5BOOT622 FAT12 .3....\|...x.6.7.V.S.>\|........E.....\|.M..G...>\|...ry3.9..\|t....\|.. \|..\|.&.\|...\|...\|...\|....P\|..R\|.I\|..K\|. ..&.\|...\|..H....I\|..K\|......R\|.P\|..r.....r........}.u... ....t...}._.3...^....D...XXX..G.HH...\|2.....I\|..K\|......PRQ.:.r...T.YZXr..........\|....\|..$\|..I\|.K\|...p....t).........;..\|s..6.\|...O\|3..6.\|..%\|.M\|.......M\|.....6O\|....$\|.6%\|.....Non-System disk or disk error..Replace and press any key when ready...IO SYSMSDOS SYS..U.....@..`................. ..@..`................! .#@.%`.'..)..+..-../..1 .3@.5`.7..9..;..=..?..A .C@.E`.G..I..K..M..O..Q..S@.U`.W..Y..[..].._..a .c@.e`.g..i..k..m..o..q .s@.u`.w..y..{..}...... ..@..`................. ..@..`................. ..@..`................. ..@..`................. ..@..`............... ..@..`............... ..@..`............... ..@..`.................!..A..a.................!..A..a................!!.#A.%a.'..)..+..-../.../.3A.5a.7..9..;..=..?..A!.CA.Ea

C:\Program Files (x86)\BurnAware Free\is-7GQL9.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	3017432
Entropy (8bit):	6.571487341115199
Encrypted:	false
SSDEEP:	49152:i9TAxIGE68oFvXexWTBQH8HHGGdnFBZHbtNsvL70VlSQhGFCbHDauRAXHWB/JABk:mTAxHKaQHyHGGdnF7BNsD70VlSQhGMXB
MD5:	E0B2CF5ED07CFFC970C50EAAB3451043
SHA1:	30A7480E8FAA8A7494F7163CD95CA0D6FE7D8D3A
SHA-256:	1B0F5A28F4CDC6BEF0808239DA4B7138B16166A3574276F619BA5169FF09D351
SHA-512:	5F91E45D2BF717ED720F4D91955EE65B82EF265725F3B8F08E01398636B542AA81A5EADBB631D3FBD2EB2A2C84310A0DA6DC2BBF5B316F7973C5C6D34B24846A
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........l....................S........b........]............................b..0....b.......b.......b.......b......Rich....................PE..L....GjX...........!...... .........[.........!...............................>.....M.....@......................... =(.....8.(.\|.....9.VZ............-.......;.8.....................................$.@.............!.x............................text..... ....... ................. ..`.rdata...Q....!..R.... .............@..@.data...h9...`(......<(.............@....rsrc...VZ....9..\....(.............@..@.reloc.......;......R*.............@..B................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\BurnAware Free\is-A0FRI.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1550040
Entropy (8bit):	6.460281125947317
Encrypted:	false
SSDEEP:	24576:vNanyO0LRZBCH6wYtQ61QkDBrSeTchSRpevKM5qC5gT+VCBpwW:vrbZXNStsevKM5pyTtBp5
MD5:	35C1484D5AB51E9127FFF29F1EC5E8BF
SHA1:	642B15CAC9E614564BEF6EC1554D271490C9DC4B
SHA-256:	223B5A52DB60618BE714B319C0F000E040B48E1BE6ACB9DFEDFD674844F744FC
SHA-512:	4D62E252A0321312FF980B7FEEDE6FBBE2B5543FBA4DEBED19D1E709847811BABC4EB4731F74B37BAE0F266EE4A8054E0ACEEE71A829CDFA5D6C54D8E7AB85E9
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....2[..........................................@...........................+..................@............................&.\5....(......................P'..{...........................@'.......................&.,.... '......................text...X........................... ..`.itext........... .................. ..`.data...@y.......z..................@....bss.........P.......4...................idata..\5....&..6...4..............@....didata...... '......j..............@....tls....<....0'......n...................rdata.......@'......n..............@..@.reloc...{...P'..\|...p..............@..B.rsrc.........(.....................@..@..............+.....................@..@........................................................

C:\Program Files (x86)\BurnAware Free\is-BHLQP.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2710232
Entropy (8bit):	4.449689803792709
Encrypted:	false
SSDEEP:	24576:NL50dQ1nZACUQtQ20BJ3KaUjZG44v7JyvVasNerG747HlhNh:NL5+IAbwQ2UKtIVzkv4s8rGGFhNh
MD5:	D858A70BFD136126C43755BADFFF7C80
SHA1:	EA1C9003429396AE211526E6E650A0F5B2E54856
SHA-256:	A6DC15E8104C7E246FD63E57BEBEB4645E2FB034743DE1E9F0EB23CA4FF5036B
SHA-512:	D005F3A39FF973912AA452459CDE1E3A03AC8CF63721734D0E73163D7897500CBBD165803138E36E4915A482DEF7F08D34E08CF440ADC24B5F6DC0FAC7726518
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 4%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.............j..j..j......j.)...j.)...j.....j..k...j.)..X.j.)...j.)...j.)...j.Rich..j.................PE..L.....[O...........!................%q........................................*.......)...@..........................G'.X...$='.P.....)..............F).......).......................................&.@............................................text...^........................... ..`.rdata...\|.......~..................@..@.data....8...P'......6'.............@....rsrc.........).......(.............@..@.reloc..R.....)......0(.............@..B........................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\BurnAware Free\is-E51LB.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2164440
Entropy (8bit):	6.517328304440149
Encrypted:	false
SSDEEP:	24576:WtaauPx4fUV+ax/PlxBXwCBNS1xOqeW2STMZQRcl6SIjQlDfxhKrXd6TtAOut:rPafavvSv2STMZQRcn88aATtAOg
MD5:	2AA349075A63AA40B009625C3C36C5C9
SHA1:	E3EC33A7EA6FC78CE096B1F3ED223B57E4961530
SHA-256:	75F9B7BF768D2AD9B52C734F9C8BBA08F7360FCC00CB526DF7A56DFEE0F1759A
SHA-512:	36255BDF234A44145C9A06DA3A1A20BA14567B0DC73CD8EF2D35AEFC33C5FB4887CE30D69F1539DA24BCD1812241F8AED7D15BDB3C4FEE38D8399FB852E3D66C
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 2%
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L.....2[.................j........................@...........................4.......!..........@...............................;...01............... ......0/.............................. /.............................../. ....................text....G.......H.................. ..`.itext... ...`..."...L.............. ..`.data................n..............@....bss.........0...........................idata...;.......<..................@....didata. ...../......<..............@....tls....<...../......B...................rdata....... /......B..............@..@.reloc.......0/......D..............@..B.rsrc........01......@..............@..@..............4....... .............@..@........................................................

C:\Program Files (x86)\BurnAware Free\is-GHIDU.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	14324
Entropy (8bit):	7.652105290311656
Encrypted:	false
SSDEEP:	384:uJsyVJWQTkvwm96zI7QvGIdfjMrE12S6zt+q9JVeJSwrWK0C:uNVkgvm9QIYfAYVotthvw5
MD5:	6F26A1A5D165272BA48F45BC0B79750E
SHA1:	01E410C26CDDB4D413609D867ED0B9B9E524C1C0
SHA-256:	5B97117B37D3CF1EDA8AFA90D872E4D2A74C5E59FC925E637AD1290865F582E5
SHA-512:	A7570ED8AE48574E44CB7EA04A796295657876B7A0F9B8F67D16CFAC0FEDDA1D02A4631F711195CD070AECCC8C7CA2AC2F23D28BF9DA8FA06BF2A101C53AB60F
Malicious:	true
Yara Hits:	Rule: JoeSecurity_PetiteVirus, Description: Yara detected Petite Virus, Source: C:\Program Files (x86)\BurnAware Free\is-GHIDU.tmp, Author: Joe Security
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...................................D.... ..PE..L...2h.V...........!.........2...............P............................................@.....................................x............................?..........................................H...............@....................................p.......0..................@..@.rsrc................2..............@..@.......................................@petite...............4..............`..`.........................................c.l.`#..j.Z........ b.E.!N...I.........K.\|....fv...ZF.1G...".w-.^f$..H..,\..U..D:.......I...n...HXg.....0.....Q.0 .8...\|..,.;.PY..RU.".....l.1...E6^..4P.K8..K.@.1.W(R..)..k.y.a._..t.t6.3qD...P../..m...m..T...P.R.\.......O....g........6..QL6.z..Y...........*f.d..+..7B....k.........<.}z0.Kmj..{%".Fg?.).Q...E.>.Y...P.t.........Eg..w..R..P.4...T.CZ.._.U..T...zt4........p. ............?.........X..,+...@..=....!{..rs=..QzY..~..0.y.D....D........Y<^...-C....$.T...

C:\Program Files (x86)\BurnAware Free\is-H5TJJ.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1802456
Entropy (8bit):	6.520785784660294
Encrypted:	false
SSDEEP:	24576:MhUTyZQFMCiQonb6M9+yBKS4pEj3TihQXahcwgwux/Xl6jGyTtKMf:4qiTsSeGahc/wuxfADTtKE
MD5:	9791043AE6ABEBF8179899AADCAA6235
SHA1:	B53C8E37444D1B7D45150261A8DFADFF081148E4
SHA-256:	865D2CF4B136FF4B5EC65E97F1BCA6852567D8F9887021B790332B789B32FF03
SHA-512:	FA9B37F90113410DEDDC68547D07D2E80963C3CD45489D9A24D64D6746E64F1EFC5DCF2E1B09E2B3CAC4F5C07E656B5C10709B4507994ED94A242A7F3AD77B07
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 2%
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L.....2[.........................................@..........................P/..................@............................)..8....+..p...........l.......0.T............................ .......................)........ ....................text....f.......h.................. ..`.itext... ......."...l.............. ..`.data....{.......\|..................@....bss.........0...........................idata...8....)..:..................@....didata. ...........D..............@....tls....<...........J...................rdata....... ......J..............@..@.reloc..T....0*......L..............@..B.rsrc....p....+..p..................@..@.............P/......l..............@..@........................................................

C:\Program Files (x86)\BurnAware Free\is-IKG3F.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2048216
Entropy (8bit):	6.523206686484186
Encrypted:	false
SSDEEP:	24576:j1H4xy4kR3za8sVPggUuBFzmBLSFRBNTvgADqjuOr75S6UMDmc9rO3T4JkQjy:jou9SzDiFr75S65Dbx6T4iX
MD5:	E5D98861DD116EDA1908CF22D466CD45
SHA1:	A689C7B7ED7C0E4346E1BA7FBEE00997F0B70F08
SHA-256:	0CD6431FA27A99E40FEE93B5741A3CED349F56609A9E9A75EF10859AF3DDF674
SHA-512:	6715E64D594401D60AC144DBC799C4F2E0EA99F5DE2FD46DC8BE111BCFFDEE0F27C246961B0561166389EBD7A569F29680AA48B328894F8C9F227E3428DC6FCA
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 2%
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L.....2[.....................P....................@.......................... 3......< ..........@............................-..>...p/..............,........-..............................p-.......................-.\|....P-. ....................text............................... ..`.itext..< .......".................. ..`.data...............................@....bss.................\...................idata...>....-..@...\..............@....didata. ....P-.....................@....tls....<....`-..........................rdata.......p-.....................@..@.reloc........-.....................@..B.rsrc........p/.....................@..@............. 3......,..............@..@........................................................

C:\Program Files (x86)\BurnAware Free\is-IS776.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2121432
Entropy (8bit):	6.495534230734781
Encrypted:	false
SSDEEP:	24576:dkaUj1cbQ5aRqDoAEzWoG5zYBbSuEl9ZTvmUBlHwedEIPp3dNmKyiLxNpmwGjh6U:Bqb8lST5+UBlHweGIPpNEdUTQ
MD5:	8586A5A100F5CBA368B0097494AB2F35
SHA1:	9C902450F0DCD458B3FB3B67F5D8621FB28BF094
SHA-256:	72F0505C570B9BAB6E54D92B0A335D40105453EECB3C631FEF2344A867A8EA55
SHA-512:	E4146E7DD9310C9BDC221074E209A0CB42FB759E1858D6FE8C45DAE2501E4B142BBE8413E6579B90F691DBC4B195D79C6064A97E864D12E366613E2B217FCC85
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 2%
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....2[.....................,...............@....@..........................P4....... ..........@...........................p..B;....0..d...........J ..............................................................z.......... ....................text............................... ..`.itext..< .......".................. ..`.data...x....@......................@....bss.....................................idata..B;...p...<..................@....didata. ...........................@....tls....<................................rdata..............................@..@.reloc..............................@..B.rsrc....d....0..d..................@..@.............P4......J .............@..@........................................................

C:\Program Files (x86)\BurnAware Free\is-LOF7V.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp
File Type:	MS Windows HtmlHelp Data
Category:	dropped
Size (bytes):	102640
Entropy (8bit):	7.810597006099471
Encrypted:	false
SSDEEP:	3072:gIvgrB9Fg4mqOXEBL6sZqRF7kB+F/Uq+2:gIyg4mSu6sFIB+Fsg
MD5:	C2D09407D88D80FEEE01A5BA49158EEF
SHA1:	E7B66B693EECB22232159A502F3E51C0F4D7280B
SHA-256:	1D101980FBB738DB9BA98901B3A46CB9FECDF174BD0981262B78F97AD9736CD4
SHA-512:	24E1AF4770EA46E8140FB0A1AB9F094E54454948B30BB2B9CACA9159E658BD827908BA4A073C3187177F7EABFC032665B27566221644D5E94A9DBA37621A4341
Malicious:	false
Preview:	ITSF....`.........V........\|.{.......".....\|.{......."..`...............x.......T......................................ITSP....T...........................................j..].!......."..T...............PMGL^................/..../#IDXHDR...\|.../#ITBITS..../#STRINGS......./#SYSTEM....<./#TOPICS...\|.@./#URLSTR...l.../#URLTBL...<.0./#WINDOWS...$.L./$FIftiMain...x..../$OBJINST...9.?./$WWAssociativeLinks/..../$WWAssociativeLinks/BTree...t.L./$WWAssociativeLinks/Data...@.G./$WWAssociativeLinks/Map....../$WWAssociativeLinks/Property.... ./$WWKeywordLinks/..../$WWKeywordLinks/Property...p../audio_cd.htm..4.../audio_grabber.htm..F.s./blu-ray_disc.htm...9.l./boot.htm...%.8./boot_disc.htm...].9./btn_home_h.gif.....d./btn_home_n.gif...d.X./btn_next_d.gif...<.../btn_next_h.gif...F.../btn_next_n.gif...S.5./btn_prev_d.gif.....g./btn_prev_h.gif...o.b./btn_prev_n.gif...Q.../burn.htm.....P./burn_image.htm...f.g./burnaware.hhc...B.4./burnaware_popup_html.js..../button_closedbook.gif...k.u./button_openbo

C:\Program Files (x86)\BurnAware Free\is-MNMMR.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	300248
Entropy (8bit):	6.398876873804225
Encrypted:	false
SSDEEP:	6144:KeiRTXptFP/h16je0F0T99C1FfEObNOiuG9mAO4iBd:fiR9/nIe0CTvC1Fx2Fd
MD5:	255F8B5BA8FCED381089981B95C6AB61
SHA1:	D20CEEC8693362C6651EDD55823B3675A8AC0AA3
SHA-256:	92B98D076993159D70B36C129B4508815A9C4E34532669F2B4F95D589FCC6BF6
SHA-512:	430E218EC8EF80A70CDF258A3A51D2EC77A5A59433C3D8476E3B9EE3023EDC59602214106330F5C65FEB5575420A2CEA8A8ABDCDED43DD8102670730F7210CF3
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..................................u.......u.G.................;....u.....u......u......u.....Rich...........................PE..L....q.J...........!.........p......,......................................................................................L........`.......................p..\..................................x...@............................................text...>........................... ..`.rdata..............................@..@.data...d........@..................@....rsrc........`......................@..@.reloc..dY...p...`... ..............@..B................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\BurnAware Free\is-O783M.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1538264
Entropy (8bit):	6.488992484377018
Encrypted:	false
SSDEEP:	24576:NXOpC0NNHAxRVJG0WdKM6BHS2xVDkGcM3qBSsEXmgTm8ELlOR:Njyo5SUu/M3qBSsEFTCLl4
MD5:	3B9CA55AAA6C2F1089F04317A1D0ED5C
SHA1:	D263CC81CDBE420F45B26BB46FBE367E0DBC5AAC
SHA-256:	6615AFC9218EC2AC5A9FC52C3195316BF2C7F3D1F015EEB505082A3541DF5451
SHA-512:	202EF63DE215AB5A9B94B753855276971782F617C8CECA8B92803D0DEAAE53BF222A20C6BD565CC0AB5E5B3515BDD6134F7F76BB2F91CA543504F9CE67FFA809
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 2%
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L.....2[.................`...........n.......p....@..........................0.......S...........@...........................`..:5...`...............d..........8....................................................i..,....... ....................text...,N.......P.................. ..`.itext.......`.......T.............. ..`.data...pj...p...l...d..............@....bss....t\|...............................idata..:5...`...6..................@....didata. ...........................@....tls....<................................rdata..............................@..@.reloc..8...........................@..B.rsrc........`......................@..@.............0.......d..............@..@........................................................

C:\Program Files (x86)\BurnAware Free\is-OI7KV.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	24844
Entropy (8bit):	7.754417060273362
Encrypted:	false
SSDEEP:	768:q4r9klplrstQxDCPbUJT/tYunwvPwHP9MeO528W:q4usiv/tYCwvPUPt8W
MD5:	3CA82F8E39DE39A50C13474905EF2D65
SHA1:	57694C057C49532632113EA5E0A14C1B9023E0EA
SHA-256:	03507E3FB3B2DFDA8A79FBD4A745B1D401CDE8C9F939FEFD48678C42F211DCDB
SHA-512:	0196D3CB83F04CFA93EA0E80EF8DAB28FE7EC89E3E4D6552929B8ED8B59FA76B8E571066BAAA02665D3B45BF54E7F15B2C025AF4D313E0BCA4CD52DC3A9990C1
Malicious:	true
Yara Hits:	Rule: JoeSecurity_PetiteVirus, Description: Yara detected Petite Virus, Source: C:\Program Files (x86)\BurnAware Free\is-OI7KV.tmp, Author: Joe Security
Antivirus:	Antivirus: ReversingLabs, Detection: 3%
Preview:	MZ......................@...................................D.... ..PE..L....9.Y...........!.........\............................................................@.........................P...........d.......@...................<g..........................................................8............................................X..................@..@.rsrc................Z..............@..@.......................................@petite...............^..............`..`...................................... ...F..O.L$+^..N\.m.:.5...../...?.@....<.6.u ..%.l+.c."..l.9...7R9R........&.i.......h9...`."..o...0.....i....Y.....2..F.J...I..XP,.+.l..qP.~X.g\|.D.%f..@.Pu._.s...pW'Tc.....1hP.\.L.E...63.2..4L...g..PY9.\|.&\|...P..-X..YA...,.....5...h.j..;..B..v.$2.%....2.W.....e...i..e.2..\..R...B.......>.x.i..<.:..$I.....>..I.....BK)..k.h..JQr\|\|...%m.;.a..9.P!.\|Y`.#.jyy.b.=..>1d...M.HM..C.\T.T.0.....jp............}...U..(n;0.j.....]8....2...QD....H1"....w...=w.p..8.....U

C:\Program Files (x86)\BurnAware Free\is-OPUI7.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	2128600
Entropy (8bit):	5.92597532283096
Encrypted:	false
SSDEEP:	12288:d1GA4AOyb8SyFXjZKJ4Sb9bnNBNSKyXSYt/R+Mt9tAFp51kSgdExIXVyk00y/Zml:dQFAZNBNSKyXSYt/R+CAzjkSPmV4+H
MD5:	CD32BE24426955B5141204FA035CA6B3
SHA1:	6AEB4836B01ED01DA3CAB689A3B8E108FE411C9A
SHA-256:	E5D7E21FA3ED144228D7500C5C3E41EB8F2AAFB581741854092BF3F2BAE1F937
SHA-512:	90884D1EE59007616B3B8783E212F61474318342B2831FA40A0400A6BD8D14846E1224CFFC285BB43ACF177EE81D544A034BBB989D2F624FED7A63C2BCFC3004
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 3%
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..d....8.Z.........." ................ .........@..............................P!.......!.............................. ..........................LF.... ......`..0Y...f ..........G..................................................@................................text............................... ..`.data...P,..........................@....bss.....................................idata..LF.......H..................@....didata..............2..............@....edata...............>..............@..@.reloc...G.......H...@..............@..B.pdata..0Y...`...Z..................@..@.rsrc......... .....................@..@.............P!......f .............@..@................................................................................

C:\Program Files (x86)\BurnAware Free\is-Q109T.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2230488
Entropy (8bit):	6.507196691314208
Encrypted:	false
SSDEEP:	24576:LP7xaFoyifoS3H/OL4NWBPSMOSfaIwwSZ07PDefPmVVDiaBYyYEiiWC/Lh2JjJLD:LMz5ZSVwSZ07PDenMDiaWyO/T3QEJ
MD5:	25620AF6CEB4BCD99655EB2EB5BC6362
SHA1:	D85F9C4B6143FD730724C2A311EC1049C3D695D6
SHA-256:	CD8040B346C6704EC2CC9645702F1535D4D1B9CF6B37DC9B62BEA0AC39019936
SHA-512:	2CA6AC5D2BCED2A54290CAA924B3146FA787480F3776E384DDEEB3E14162902D0CB50961A51D8DF0C2D02A1A702D128CCB12BF373FE08A10A66A04B01E3BE304
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 2%
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....2[.................@..........$O.......`....@...........................5......."..........@............................/..;....2...............!.......0.............................../....................../......./. ....................text...$........................... ..`.itext... ...0..."...".............. ..`.data...\....`.......D..............@....bss.... ................................idata...;..../..<..................@....didata. ...../.....................@....tls....<...../..........................rdata......../.....................@..@.reloc........0.....................@..B.rsrc.........2......(..............@..@..............5.......!.............@..@........................................................

C:\Program Files (x86)\BurnAware Free\is-Q20KD.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2240216
Entropy (8bit):	6.515674271457544
Encrypted:	false
SSDEEP:	24576:9YQlxYiPt1wRr3AJId1qBHSMi2UiHQho+3HxDfzFxPK05M9NyKIbTvhTjQF:+8/5ScHL+3HxDfRxCcTvhTu
MD5:	5BCD29D045C4346F0DC4DC16712608A4
SHA1:	05F58AD366145F9135C583A262C51C558CF48452
SHA-256:	6AE136A1B4ED9E5C1187F466FB304A0A1F42E6E92BD73FBD9C79904D1621E88B
SHA-512:	493718D696513C378139E50ECCF2A69041A37520EAF1F3060E25E6E9C83302FDBA24B3C2744698FEFA8D5D18CBAE6FB8F6B82259A904BCFFFFFC9ACF4400AD4E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 2%
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L.....2[.................J..........._.......p....@...........................6......."..........@............................/..;... 2...............".......0.L.............................0......................./......./. ....................text....'.......(.................. ..`.itext... ...@..."...,.............. ..`.data...p....p.......N..............@....bss.....................................idata...;..../..<..................@....didata. ...../.....................@....tls....<...../......$...................rdata........0......$..............@..@.reloc..L.....0......&..............@..B.rsrc........ 2......4..............@..@..............6.......".............@..@........................................................

C:\Program Files (x86)\BurnAware Free\is-RELFJ.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1337048
Entropy (8bit):	6.551634819186885
Encrypted:	false
SSDEEP:	24576:mdw4IDLMqHhkKfg18tEBhw6PBQSY4irrCi1ocBoM3Icij77M:mdwttBx6PSSY4iboMfijPM
MD5:	C28B8514752068017D0549D512A92995
SHA1:	BFFE081E502DBF1EFEF5F4427FDCAB0C15F76583
SHA-256:	5ADD3A389504588123F7FEC33D5F5615D13D5AFBF682B25E04A20DBC5F81C63A
SHA-512:	68F8475161F25ED41B8EC72F233B6DDA7C95752662AB6C8BD2A12694574741C1390E058F8D470ECFE21D3164083475FDF09651D7C165D428224472659864AAE6
Malicious:	false
Yara Hits:	Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Program Files (x86)\BurnAware Free\is-RELFJ.tmp, Author: Joe Security
Antivirus:	Antivirus: ReversingLabs, Detection: 2%
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....8.Z............................d.............@..........................................................................p...5...p...............R..............................................................y..L............................text............................... ..`.itext..\|........................... ..`.data...L:.......<..................@....bss....0T...............................idata...5...p...6..................@....didata..............0..............@....edata...............8..............@..@.reloc..............:..............@..B.rsrc........p......................@..@.....................R..............@..@................................................................................................

C:\Program Files (x86)\BurnAware Free\is-RN2GJ.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	124060
Entropy (8bit):	7.95689673801651
Encrypted:	false
SSDEEP:	3072:h4Ht0B1105GzXyO6vvasTeprZKYQ+U1YUjJ09d:qs11IdPvCUef519d
MD5:	68523838F432A39A764B5FD4E4DD14CF
SHA1:	46F09323FECCFEFA3AA1D5940D9BF09A2A14351F
SHA-256:	EFB350839CBE0074F799A28EC76513C32E2CB1ADC85CEBA527859EC36B1B5FB5
SHA-512:	468C3AF4BC3154882217676E9EE9EB29C623F0DC4BE951175D6D93281A9449616803499D7B19A26D0C0E6F18C976D7BE32FFD4C7A50AFE0D6D72E6ADB60E383C
Malicious:	true
Yara Hits:	Rule: JoeSecurity_PetiteVirus, Description: Yara detected Petite Virus, Source: C:\Program Files (x86)\BurnAware Free\is-RN2GJ.tmp, Author: Joe Security
Antivirus:	Antivirus: ReversingLabs, Detection: 3%
Preview:	MZ......................@...................................D.... ..PE..L....WFZ...........!.................@.......................................P............@..........................B.......A..........@...................0.......................................................<B..H...............................................................@..@.rsrc...............................@..@......... ... .........................@petite.......@......................`..`....................................]......Y....z\|y.....GqOn=..2Z.". ..hV..caQ...N.N.VQ..w.O5.Q..pH.=@.`....H...xi..De 06j..Z.?).n\|.`68..8:.0..EI.X..v0.!P...t.@....Z.q5.....d(..~.&...%..&.sFl.A....H.1...g+........_B..."...SOZVLSGRCWJ.o..^F[C............1.f.......t(."0?.9W....2...P....:2...F..O...a&.J.7L,...4.../.1.....c<.Q...2.x0&..618F...Q.QPu.%...:q..........a...1m=.0..D..\./.!............B...Z....!..Q%....#...n.`..1...C(Rd...z..7....3....8;wI1.b.....,]..O..zo.QKl/.6...Y1TY....w.....(.K.N..m3.......,K

C:\Program Files (x86)\BurnAware Free\is-S8AB8.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1724632
Entropy (8bit):	6.500646018433855
Encrypted:	false
SSDEEP:	24576:N2v7p4I5zw3eOqw0ujdMLjwEBFSJlnhFS0KUjnaaeXcXgECGexDpwT5Lxg5bZ:NgyES6FXS3h1tnadXcXi9aT5L2X
MD5:	4348EB48837517BCD6D3C1F62AA87896
SHA1:	6D9F6CF08237F06FCCEC6BF81E5941A3681B9CE1
SHA-256:	2CA2D2B3D68D9D5FE71A927A051B355158A3C9FAC3BB0810472B06F796639825
SHA-512:	64B429798C4B93532F966652B74D76A34ABDB90B3F5B087220815A28301E5B9D02684713ED9FA3D2244FC5A0B6D72D8A050317D1089C0C74DE84E26B97D43DC2
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 2%
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....2[.....................x....................@..............................................@............................(..8..................<.......P).p............................@).......................(...... ). ....................text.............................. ..`.itext........... .................. ..`.data...H{.......\|..................@....bss.........P.......@...................idata...8....(..:...@..............@....didata. .... )......z..............@....tls....<....0)..........................rdata.......@).....................@..@.reloc..p....P).....................@..B.rsrc............... ..............@..@.....................<..............@..@........................................................

C:\Program Files (x86)\BurnAware Free\is-TTUUJ.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	17733
Entropy (8bit):	7.598626308964297
Encrypted:	false
SSDEEP:	384:OPR8697gJWJ/IAzOvfHNfd+E5hHkCwp0jcGDv6K0Ww:2Po2IA+fNfcEfHkCwqjcUlw
MD5:	D2177355BECCFDBC1E7B5C687DFBA290
SHA1:	0557F3883AA8EABEFA6A110A08CF549117FD1901
SHA-256:	A844247B7CDCAC1A5F61C604E4DB111B274616C0EB19A70CDFB073C8C2F3B375
SHA-512:	7E5CE3047E4661969A3827B225F1B88F80BFEA221549E37B406DA52D1C51F60667340BB1A074F96A516D185979AB5E298FAB76BF5789CE7EE34B399FD2BDFA3C
Malicious:	false
Yara Hits:	Rule: JoeSecurity_PetiteVirus, Description: Yara detected Petite Virus, Source: C:\Program Files (x86)\BurnAware Free\is-TTUUJ.tmp, Author: Joe Security
Antivirus:	Antivirus: ReversingLabs, Detection: 3%
Preview:	MZ......................@...................................D.... ..PE..L....N.W...........!....E....>...............`............................................@.....................................x.......@...................lI..........................................................@....................................p.......:..................@..@.rsrc................<..............@..@.......................................@petite..E.......E....@..............`..`.......................................`.......`...>..z...........E2.dzo..[..^..7..m..&.@...6.@...5...d`o.O.:IPx.......... !......"H(-_.L.......X....P.j.........J..7l.I3j.)...u's...3y.t...!W..[....1...Z1......5....C~t@`n...L..x.....5.H9.R\..c...r..1.C....(....9..S..-c....@.3..."gZ..d..j}...@lv.e!;.R].....$\|e\|`...%.P..IV...x.4D...h.!.>.kg.i.......... .DAC...mfz.W!K.P.k...p...h..9}..ze...2....a..g..[y....P@.=........?.I..G.......qO...qo......m....Q....L.O....h.~4..95.".y..m4u...cBUH...y.S$i.8q

C:\Program Files (x86)\BurnAware Free\is-VCHUQ.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	578776
Entropy (8bit):	6.655075918317694
Encrypted:	false
SSDEEP:	12288:LAlJu8NZLfIzUipVPgJ0//B9wEi9vKpzp2ZVNF5BBceV8z5U:LADuS1ywJgCl9yppoVD5BBceV8z5U
MD5:	3F8FF7F25E3834DB92B0DE00621FD437
SHA1:	C0A94BC6C371ADCC8AB490A6A90CEF99117A6562
SHA-256:	CAB385455ACA791F41E01FEEC3B9DE61D2F0449E1018A075AF22219ED5D201B5
SHA-512:	454D6463EDE1AB92C152AF1CD68DB55A14BFFCC2E2470ABEF0B5A360D42D7F8B6A2162E2AD6C06DDA4D29E4258CC237B2C7632CA6B179070B0B5E8F6DD842BC5
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 2%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m M0)A#c)A#c)A#ctc(c(A#c.]-c2A#ctc)cJA#c)A"c`A#cK^0c,A#cvc(c.A#c.a'c(A#cRich)A#c........PE..L...l..9...........!........................ .......................................E...............................(..........<...................................................................................(................................text...z........................... ..`.rdata../.... ....... ..............@..@.data........0...P...0..............@....idata.."...........................@....reloc...*.......0..................@..B................................................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\BurnAware Free\is-VHPJS.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1350360
Entropy (8bit):	6.642861347345999
Encrypted:	false
SSDEEP:	24576:ye08zSJMzUJ5I4VSwq2BdS/7IF3B9G4J+gPOiIsTAA7ZUWkUNmN:lkvS0395J+gPOYTAPamN
MD5:	08E8163EBA464CB7AE6F2B3A0BE3B291
SHA1:	5AC0076EC87BD3D06772CEFCAE11148021121046
SHA-256:	6E185E0ADF5B486AD1076F1C374196BA98651065934A7530D5110891BEEB0C2E
SHA-512:	513846CFF37BC120CDF5F39F2D6966EBB983A6C3EA89B324BF0865A0CF38BF14EBE33B26ACCE95133FAD4C441C660166D049C199002ABAC98086973CFBCA7F50
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L.....2[.................v..........X.............@..........................`.......z...........@..............................Z2... ...@......................8..................................................8................................text....e.......f.................. ..`.itext...............j.............. ..`.data....e.......f...z..............@....bss.....y...............................idata..Z2.......4..................@....didata.............................@....tls....<................................rdata..............................@..@.reloc..8.......,..................@..B.rsrc....@... ...@...F..............@..@.............`......................@..@........................................................

C:\Program Files (x86)\BurnAware Free\is-VP913.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	19396
Entropy (8bit):	7.541174332849443
Encrypted:	false
SSDEEP:	384:KobrFPWMgug1kD3uxnqtpJUBGWFXO1H6OGZ9k0yKfg5io/s2R9SzK0r8pD2:KovFPW7Gyp0JsXOYOGZ9k0XfgC
MD5:	74B6071109D2FA2B27B75BD3CC100BBB
SHA1:	0038A6A686EEB5BD082A4FB32413A48D4D0F1AFF
SHA-256:	8A3391210D0CDEBB06B0292D0DF9CEC3A2BBCBCA0B99979B65143B0568F04106
SHA-512:	CCEA98DA1F00A8AC159703AE13F92748DB2D323B94E91B361D6D136515D0C715D394FAAE5A52664F96F1452D4B5F820EB1B4773A37F0D82C094DAAECA1ED8E17
Malicious:	false
Yara Hits:	Rule: JoeSecurity_PetiteVirus, Description: Yara detected Petite Virus, Source: C:\Program Files (x86)\BurnAware Free\is-VP913.tmp, Author: Joe Security
Antivirus:	Antivirus: ReversingLabs, Detection: 2%
Preview:	MZ......................@...................................D.... ..PE..L....v.V...........!.........D...............p............................................@.............................................@....................N......................................................"...H............................................@..................@..@.rsrc................B..............@..@.......................................@petite...............F..............`..`..........................................>m@.SE3..f..H4\....5b.31bo.. ..w.#&-..h.....D@....QfS......S.<..m.g..T&\|h.@.J..._.(.)..D.....=#.H.0..J.F......I.Mg......B...f...k.V..........B.~.C..\|..."p./...?.[..k.o[/R..2...:Z?N...8.Z..^....."........ .h..8LQ.e..T1[.eX...'(.D..!R..o....J....+..P..9..PDC..... RZ..Q....:...J0.e:c..@.iW...2..<.&{.5....zZ..?.D.${..:...:\L.....v.s12..{..ezU[...4a..l....#p../?m.;...\|8+@Myo3...f)....z....J7..slp...5.....d...f2.i.....G.......A.+"g......z&,..=3.39j../..,h.Z...[.F..

C:\Program Files (x86)\BurnAware Free\isofile.ico (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp
File Type:	MS Windows icon resource - 6 icons, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel, 64x64, 32 bits/pixel
Category:	dropped
Size (bytes):	40426
Entropy (8bit):	3.8853121111300246
Encrypted:	false
SSDEEP:	384:/0xZ9ubhnD2LXMyQwNHnudJv31xtplGsUsgL:/8AxD2LXMyZsJv+L
MD5:	BDB8D4677CEA3AAB8A33C99BBA4A4D0A
SHA1:	3DCE6ABBC37FD5DE1894430D8976C1F2CE206415
SHA-256:	9D9BACE04F18D8E22D492DF129C3E8B762BFB35C42DDF4FB775E7D8E42AAFF3D
SHA-512:	CDC05588C1E3666FD6ACF835327F028808A7FC0120DC720255E9E8FF7109283307C4EDF89FDE26906A20F13C02CDAA11EA8C90B205A028AA2CF56416C72B1F0D
Malicious:	false
Preview:	............ .....f...@@.... .(B......00.... ..%...Y.. .... .....R......... ............... .h........PNG........IHDR.............\r.f....pHYs..........o.d....IDATx...}pT....I...4...."+.5.8.....@UL.d3.H.V,..n;s..2.s....v...v.Z.o..R.,.S.\V.D..1...$@.iR.."..c.HB....M..gf.!...?$..<.y......\|.......IY.%........J..MU.\.W.x..u.....t......."...(u............]...........2zNU...Bv...D......S.........5...7?E0....%.]..Og.r.!N..{.i$......L..6s.. .. ...hii...2.C.=....Dv.>..8:.H..C......l.. ....4c...@.knn...D.2.,.. .......iii"....b..#...r.J......i.a..HMM.i.......5}.t.~.....0..q3f........_G...........,_..!`3..%...,].T.9C....J....[D.3......SSS.........0.().7........qb.P.?.>...Z....80.(.]w.uX.`.hs..A..Jz7.p....D.3..`...x.b.;W.9C@......&.=[.9C@.....n..555....:..4..\|....+E.3.40.h.III..e.PUU%..C ....I)))..w.../.\t...(..4f.....n..^*..C`....i...X.b......M..C0.h.KMM..w...r.M..Q............2.M..`..8.....+W....D..`......U.V...Xt..C..@.Nzz:...QPP ...!...q)++..W...^(...!..

C:\Program Files (x86)\BurnAware Free\tags.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	14324
Entropy (8bit):	7.652105290311656
Encrypted:	false
SSDEEP:	384:uJsyVJWQTkvwm96zI7QvGIdfjMrE12S6zt+q9JVeJSwrWK0C:uNVkgvm9QIYfAYVotthvw5
MD5:	6F26A1A5D165272BA48F45BC0B79750E
SHA1:	01E410C26CDDB4D413609D867ED0B9B9E524C1C0
SHA-256:	5B97117B37D3CF1EDA8AFA90D872E4D2A74C5E59FC925E637AD1290865F582E5
SHA-512:	A7570ED8AE48574E44CB7EA04A796295657876B7A0F9B8F67D16CFAC0FEDDA1D02A4631F711195CD070AECCC8C7CA2AC2F23D28BF9DA8FA06BF2A101C53AB60F
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...................................D.... ..PE..L...2h.V...........!.........2...............P............................................@.....................................x............................?..........................................H...............@....................................p.......0..................@..@.rsrc................2..............@..@.......................................@petite...............4..............`..`.........................................c.l.`#..j.Z........ b.E.!N...I.........K.\|....fv...ZF.1G...".w-.^f$..H..,\..U..D:.......I...n...HXg.....0.....Q.0 .8...\|..,.;.PY..RU.".....l.1...E6^..4P.K8..K.@.1.W(R..)..k.y.a._..t.t6.3qD...P../..m...m..T...P.R.\.......O....g........6..QL6.z..Y...........*f.d..+..7B....k.........<.}z0.Kmj..{%".Fg?.).Q...E.>.Y...P.t.........Eg..w..R..P.4...T.CZ.._.U..T...zt4........p. ............?.........X..,+...@..=....!{..rs=..QzY..~..0.y.D....D........Y<^...-C....$.T...

C:\Program Files (x86)\BurnAware Free\unins000.dat

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp
File Type:	InnoSetup Log BurnAware Free, version 0x418, 11984 bytes, 618321\37\user\376, C:\Program Files (x86)\BurnAware Free\376\
Category:	dropped
Size (bytes):	11984
Entropy (8bit):	3.7946207067987316
Encrypted:	false
SSDEEP:	96:Q5Dn8AZv/I/MAbCmbcuJlEDA4MZAe2LVb0EtUC1CRCS9ClCnCM9CqC9kClCQhqCn:Q5wg6bP4DSmh1l4+sJjzCig95dHf
MD5:	A9AB229A80F9D65A6A81CA7A6668CDD9
SHA1:	DB736D624743D1DFAEC5837B5D393823939249F7
SHA-256:	3914FA4E8B7FEEF5C8BF5568E9B01B7708FC5EB5C6FB4D6E64A9245F818C8A06
SHA-512:	C22188F2BD3CF8C0754C088D5164FE2EAAB231C076A57B38148DC27FBAE1FE24A35A10B8546CD96BF2C5D5874F86EC18486EC05CB36B44B24F3F63A2961AF2E9
Malicious:	false
Preview:	Inno Setup Uninstall Log (b)....................................BurnAware Free..................................................................................................................BurnAware Free......................................................................................................................<.......%...........................................................................................................................Q..`...............6.1.8.3.2.1......j.o.n.e.s......C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.B.u.r.n.A.w.a.r.e. .F.r.e.e................'.!.8.. ..............IFPS...."...............................................................................................................................................................BOOLEAN..............TSETUPSTEP.........TWIZARDFORM....TWIZARDFORM.........TEXECWAIT.........TNEWSTATICTEXT....TNEWSTATICTEXT.........TSETUPMESSAGEID.................!MAIN....-1.....6.......CURSTEPCHANGED....-1 @29

C:\Program Files (x86)\BurnAware Free\unins000.exe (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1278181
Entropy (8bit):	6.457767718219793
Encrypted:	false
SSDEEP:	24576:EnbbPImgK4brDi4IxgRqzwqNb+Yz73P2EMZbG0JEt7Afjqx9z1:SHeKh4nqzF3PYdStuWz
MD5:	E2E897166C54B6EE47F0167221C28BD6
SHA1:	973EE8DEB14DBF2B52B8218FC82027BE186F1982
SHA-256:	C9B0BAD8C38604734F0ACAED5C6AA1A3142667E9E17D65838D964169C69C48EE
SHA-512:	EC0B6499C160090CAF95A1E377413DB51E7EDE6D8EB4302C5661558F56288A83AADF24FD0547538C001199A991ABB346520ADB0AFA1D2C861C492C9CA47D2348
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 4%
Preview:	MZP.....................@.......................InUn....................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L...Rm"[.............................%.......0....@.......................................@......@..............................@8...@.......................................................0.......................................................text............................... ..`.itext.............................. ..`.data....0...0...2..................@....bss.....a...p.......L...................idata..@8.......:...L..............@....tls....<.... ...........................rdata.......0......................@..@.rsrc........@......................@..@....................................@..@........................................................................................................................................

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BurnAware Free\BurnAware Free on the Web.url

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp
File Type:	MS Windows 95 Internet shortcut text (URL=<http://www.burnaware.com/>), ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	51
Entropy (8bit):	4.461161861367234
Encrypted:	false
SSDEEP:	3:HRAbABGQYm/0S4wUQLdYvn:HRYFVm/r4wUeOvn
MD5:	CFE219C7B0A6EDC037F6DBE7D18F8186
SHA1:	21E056119F133A5902A5545E32111B3A36FC7AEB
SHA-256:	F00E15A8922D6BDECF8A113EA78818C33647D4BBDAD83E924CFAEBFA8DA3A848
SHA-512:	67669E713BB707AA46C767FD2DE584D32DAF658C046DFEDE403D15F3C89789B98F09597930C2C339F2517205BA2D7BB7191588F68F2F539831AA0A833B981FA7
Malicious:	false
Preview:	[InternetShortcut]..URL=http://www.burnaware.com/..

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BurnAware Free\BurnAware Free.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Thu Jul 11 16:39:34 2024, mtime=Thu Jul 11 16:39:34 2024, atime=Wed Jun 27 00:12:10 2018, length=1350360, window=hide
Category:	dropped
Size (bytes):	1145
Entropy (8bit):	4.666067317050987
Encrypted:	false
SSDEEP:	24:8m//mxvEEkdOEKcihARQdPc4dPcwoUUEMb/qyFm:8mHmxMEkdO3ciyRQdPc4dPcw9ryF
MD5:	C4311E22DCE795B57032FE32E2D9475F
SHA1:	0548E19AAC56A73E53413D6D8C68EB87A56AC102
SHA-256:	95A214BF653B793C07E0D5535E6F3F5F85BD8F572FDB1DE5E6EFD9D5C9D5394C
SHA-512:	7EDF6CE2E1E29CFA780F48331F10830DE6857F89EDB9D33E4ED675EBF39554CBDD3C318827F546B7D9E77BF375D45D214B733E13E31EA72E2CE1E629FB0D2759
Malicious:	false
Preview:	L..................F.... ....zK.....q.K......v................................P.O. .:i.....+00.../C:\.....................1......X...PROGRA~2.........O.I.X.....................V.........P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....f.1......X...BURNAW~1..N.......X..X............................R$.B.u.r.n.A.w.a.r.e. .F.r.e.e.....h.2.....L.. .BURNAW~1.EXE..L.......X..X...............................B.u.r.n.A.w.a.r.e...e.x.e.......b...............-.......a...........U........C:\Program Files (x86)\BurnAware Free\BurnAware.exe..B.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.B.u.r.n.A.w.a.r.e. .F.r.e.e.\.B.u.r.n.A.w.a.r.e...e.x.e.%.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.B.u.r.n.A.w.a.r.e. .F.r.e.e.........*................@Z\|...K.J.........`.......X.......618321...........hT..CrF.f4... ...T..b...,.......hT..CrF.f4... ...T..b...,..................1SPS.XF.L8C....&.m.q............/...S.-.1.-.5.-.2.1.-.2.

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BurnAware Free\Help.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Thu Jul 11 16:39:35 2024, mtime=Thu Jul 11 16:39:35 2024, atime=Fri May 18 16:57:50 2018, length=102640, window=hide
Category:	dropped
Size (bytes):	1145
Entropy (8bit):	4.667632345283244
Encrypted:	false
SSDEEP:	24:8mfY/WJERkdOEKc4kARedPcmdPcwoUUEMbjqyFm:8mfEWGRkdO3c2RedPcmdPcw9XyF
MD5:	27C9B905B4F3B9A5D636B02A81004B17
SHA1:	86854F0C5EA14546388174395A1905E464B9FB15
SHA-256:	99DCAFB634FA8C05FA4C6441EFEFCEE4F07C0E6464F2D660FD0B0B4FBE9C6135
SHA-512:	197F2BBB66D0515627A43478ABE6CA31EF2E10A277B61FEAFEDE073872BA0AA9C78382C568FC0D1310028F4AF73761FE5C6B978376CFA4584CC3200552032D1B
Malicious:	false
Preview:	L..................F.... .....K......K.....#b.................................P.O. .:i.....+00.../C:\.....................1......X...PROGRA~2.........O.I.X.....................V.....,K..P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....f.1......X...BURNAW~1..N.......X..X............................R$.B.u.r.n.A.w.a.r.e. .F.r.e.e.....h.2.....L9. .BURNAW~1.CHM..L.......X..X....._.........................b.u.r.n.a.w.a.r.e...c.h.m.......b...............-.......a...........U........C:\Program Files (x86)\BurnAware Free\burnaware.chm..B.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.B.u.r.n.A.w.a.r.e. .F.r.e.e.\.b.u.r.n.a.w.a.r.e...c.h.m.%.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.B.u.r.n.A.w.a.r.e. .F.r.e.e.........*................@Z\|...K.J.........`.......X.......618321...........hT..CrF.f4... ..T..b...,.......hT..CrF.f4... ..T..b...,..................1SPS.XF.L8C....&.m.q............/...S.-.1.-.5.-.2.1.-.2.

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BurnAware Free\Uninstall BurnAware Free.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Thu Jul 11 16:39:33 2024, mtime=Thu Jul 11 16:39:33 2024, atime=Thu Jul 11 16:39:01 2024, length=1278181, window=hide
Category:	dropped
Size (bytes):	1140
Entropy (8bit):	4.664489431720398
Encrypted:	false
SSDEEP:	24:8mcf8QWJERkdOEKcgAIQAaxdPcTgdPcwoUUEMbgedqyFm:8mcf8QWGRkdO3cgA4axdPcTgdPcw9Zev
MD5:	5DEBB3F133BA841D81BFF5B411335079
SHA1:	AAE5E0A3C2DF0A9F699041B5982AEE21073441F2
SHA-256:	282D91335BD44BCA3A550A8B5BC728D5A3F126F871C4BA0887B9FA0506CB19F0
SHA-512:	9AF49A5861F10F9E6EB853FF3F5E760EC224751FC0F8438BA93F5CFB1690278EB2904B23DB799C6C92A280BDCE777840069519B99C2502F1E3291981B203CB59
Malicious:	false
Preview:	L..................F.... ......J.....x.J.....].7................................P.O. .:i.....+00.../C:\.....................1......X...PROGRA~2.........O.I.X.....................V.....,K..P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....f.1......X...BURNAW~1..N.......X..X............................R$.B.u.r.n.A.w.a.r.e. .F.r.e.e.....f.2.....X. .unins000.exe..J.......X..X..........................~!P.u.n.i.n.s.0.0.0...e.x.e.......a...............-.......`...........U........C:\Program Files (x86)\BurnAware Free\unins000.exe..A.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.B.u.r.n.A.w.a.r.e. .F.r.e.e.\.u.n.i.n.s.0.0.0...e.x.e.%.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.B.u.r.n.A.w.a.r.e. .F.r.e.e.........*................@Z\|...K.J.........`.......X.......618321...........hT..CrF.f4... ..T..b...,.......hT..CrF.f4... ..T..b...,..................1SPS.XF.L8C....&.m.q............/...S.-.1.-.5.-.2.1.-.2.2.4.6

C:\Users\Public\Desktop\BurnAware Free.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Thu Jul 11 16:39:34 2024, mtime=Thu Jul 11 16:39:36 2024, atime=Wed Jun 27 00:12:10 2018, length=1350360, window=hide
Category:	dropped
Size (bytes):	1127
Entropy (8bit):	4.679096043282394
Encrypted:	false
SSDEEP:	24:8mr/WJERkdOEKcihARndPc4dPcwoUUEMb/qyFm:8mTWGRkdO3ciyRndPc4dPcw9ryF
MD5:	AD5B34BD611D55E013B91B6563065F4A
SHA1:	9261FFA0CB2058E509BB429E867F9891DA4A8992
SHA-256:	2C10FD50F10054442216B2614DA739FAD8946565C82D92B24202820CA140D675
SHA-512:	384D6AD968F722325D3F9AE1D6B8179F5AABB097F1952F58D1824A77E4340D9C46C25E67D0A51C2CEDC2D3A9F257C592CC69DA04F8E391D578B0369B2559DA3D
Malicious:	false
Preview:	L..................F.... ....zK....9.+L......v................................P.O. .:i.....+00.../C:\.....................1......X...PROGRA~2.........O.I.X.....................V.....,K..P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....f.1......X...BURNAW~1..N.......X..X............................R$.B.u.r.n.A.w.a.r.e. .F.r.e.e.....h.2.....L.. .BURNAW~1.EXE..L.......X..X...............................B.u.r.n.A.w.a.r.e...e.x.e.......b...............-.......a...........U........C:\Program Files (x86)\BurnAware Free\BurnAware.exe..9.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.B.u.r.n.A.w.a.r.e. .F.r.e.e.\.B.u.r.n.A.w.a.r.e...e.x.e.%.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.B.u.r.n.A.w.a.r.e. .F.r.e.e.........*................@Z\|...K.J.........`.......X.......618321...........hT..CrF.f4... ...T..b...,.......hT..CrF.f4... ...T..b...,..................1SPS.XF.L8C....&.m.q............/...S.-.1.-.5.-.2.1.-.2.2.4.6.1.2.2.6.5.8.

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\GenericSetup.exe.log

Download File

Process:	C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	1740
Entropy (8bit):	5.36827240602657
Encrypted:	false
SSDEEP:	48:MxHKQ71qHGIs0HKGAHKKkKYHKGSI6oPtHTH0HNpaHKlT4x:iq+wmj0qxqKkKYqGSI6oPtzH0tpaqZ4x
MD5:	0953036116DB18A3DBA50A95249AA09D
SHA1:	B0C95E1A76B13F979FA7FF6671473E983E13869B
SHA-256:	21B609D6C67BE1A72318549C614FFED1E4D09D90125217AA758DB759CB622231
SHA-512:	9A9D7AA570410A253A4DBDBFED162C3537C040425CFD7C8A9F70CA0BB7BCE4824AD959BECAF60A2FA4D090CF06328EE3A03BAC65E30209339ECA06679106166B
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\3

C:\Users\user\AppData\Local\Temp\7zSC67062FB\2024.07.11_13.39.36.896275_installer_pid=1228.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\7zSC67062FB\installer.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	3549
Entropy (8bit):	5.32949857442305
Encrypted:	false
SSDEEP:	48:+JwCTgS8rq94MgSNbA7SongS0KVFgS6gSOKl4gS6gS4YczYaPB2kK+aYswtaVkFM:lCsSQq9ASUgSGSNSFSNSWB2kWdANfs
MD5:	07B2D2901FDA51A75C8B9C510EDB47DA
SHA1:	3C06BC1F4709AB9AE56D63500A542512F7B35F65
SHA-256:	558A248818C416EDB786B1174450BFE2259C04234251ECB23A0CA31C4A005A54
SHA-512:	DB7B31A9EE69427B5D96CD577B5B80552BD3EA316479D58C831C5167446E9F1479F4475682DEB54DD32FD4DD0F3B21325EB52D4219C933F2F3A5B9B944FE693B
Malicious:	false
Preview:	[1][debug][2024-07-11 13:39:36.896275][00:00:00][0x000004cc][0x000008a0][installer][wWinMain][429]: install id=4bb41e8d-7d0c-42c1-a09d-74b24897eda8..[2][debug][2024-07-11 13:39:36.911908][00:00:00][0x000004cc][0x000008a0][installer][wWinMain][432]: generic setup config file path="C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe.config"..[3][debug][2024-07-11 13:39:36.911908][00:00:00][0x000004cc][0x000008a0][installer][wWinMain][448]: event service url=https://flow.lavasoft.com..[4][debug][2024-07-11 13:39:36.927523][00:00:00][0x000004cc][0x000008a0][installer][wWinMain][460]: bundle config file path="C:\Users\user\AppData\Local\Temp\7zSC67062FB\BundleConfig.xml"..[5][debug][2024-07-11 13:39:36.943154][00:00:00][0x000004cc][0x000008a0][installer][wWinMain][471]: BundleId=BA002..[6][debug][2024-07-11 13:39:36.943154][00:00:00][0x000004cc][0x000008a0][installer][ReadUACSetting][93]: No such node (<xmlattr>.UACSetting)..[7][debug][2024-07-11 13:39:36.943154][00:00:00][0x000

C:\Users\user\AppData\Local\Temp\7zSC67062FB\BundleConfig.xml

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-6NC9Q.tmp\BA002.exe
File Type:	ASCII text, with very long lines (2281), with CRLF line terminators
Category:	dropped
Size (bytes):	4015
Entropy (8bit):	5.880446206753272
Encrypted:	false
SSDEEP:	96:toAdVKjRCQRJ6mrwMSEIZDvVsLAbxAJYpukte/70IO1:toFULD68kMukt/
MD5:	1772E6A673818E7A5FDA40769644B517
SHA1:	87A08A8D16DA1F9C5F69DDF1A49F6995F8D382F9
SHA-256:	0E395AA80EF68FD68DF39AEB52904F6A0800D7F13BCF2F5E2B84CD6AD2105CAC
SHA-512:	1F53A5A60CAC0AD933DC618EA6F7CCE9DB3AA5B6A963E40FCCC9DD41A955DD40D18EE493102B09DACDCFAC47AA965EF310969AC5BFCA77C656F82306BCAE421E
Malicious:	false
Preview:	<BundleConfig BundleId="BA002" AppName="BurnAware Free" OfferPageIndex="0" SignBundle="false" RequireAdminAccessRights="false" UseOfferInstaller="true" PartnerName="BA002">.. <Carrier CompanyName="BurnAware" ProductName="BurnAware Free" SoftwareVersion="10.3.0.0" OriginalFilename="BurnAwareFree.exe" LegalCopyright="" FileDescription="BurnAware Free Installation" AppFileName="BA002" />.. <Form Text="Setup - BurnAware Free" Width="497" Height="360" FormBorderStyle="FixedDialog">.. <Element Name="pnlHeader" BackColor="White" Height="60" Width="497">.. <Element Name="Icon" Visible="false" />.. <Element Name="Header1" Left="23" Top="12" Font="Tahoma, 8pt, style=Bold" ForeColor="Black" AutoSize="true" />.. <Element Name="Header2" Left="41" Top="28" Font="Tahoma, 8pt" ForeColor="Black" AutoSize="true" />.. <Element Name="Separator1" Visible="true" Top="59" />.. </Element>.. <Element Name="pnlContent" Height="249" Width="497">.. <Element Name="Line1" Font="T

C:\Users\user\AppData\Local\Temp\7zSC67062FB\DevLib.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-6NC9Q.tmp\BA002.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	314104
Entropy (8bit):	6.21181274464366
Encrypted:	false
SSDEEP:	6144:xIM/N4R1UOv0ul9YZmOiI6LXGGDZBXbroL3YekZe:j7OvvGFd6VZqL3Yle
MD5:	30B280C144899FB2FE8E87DB11086E79
SHA1:	A417A70554C0A13CAD46E61ED2B9AB9DC1AA9CED
SHA-256:	380A96A13CDF34B3A3F695B32C6F096CEA2BAAAB6A800158C64CE97E679E6B83
SHA-512:	7E2232002C1D9ADD7CAACE8E18DB01B5A695DF5134E296433C4F32A97767BAE0AD81CD892D34E31F934DB046022904D3135B55F9D34D2CA8446AF540E5D30DA2
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 5%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...Np Z.........." ..0.................. ........... ....................... ............@.....................................O...................................\|................................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H.......`...............,...P.............................................{$.....{%.....{&.....{'.....{(.....{).....(.....}$.....}%.....}&......}'......}(......}).......0...........u......9....(+....{$....{$...o,...,w(-....{%....{%...o....,_(/....{&....{&...o0...,G(1....{'....{'...o2...,/(3....{(....{(...o4...,.(5....{)....{)...o6.......0.......... .... )UU.Z(+....{$...o7...X )UU.Z(-....{%...o8...X )UU.Z(/....{&...o9...X )UU.Z(1....{'...o:...X )UU.Z(3....{(...o;...X

C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-6NC9Q.tmp\BA002.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	46840
Entropy (8bit):	5.786090821557103
Encrypted:	false
SSDEEP:	768:VAE+/58U13Bwtrw5MzQUiAU9tYcFroo6K1D+0/6h:VAV/582/McUiBVrool1V6
MD5:	1F4C6E7D827B980005B2C9C057018BD0
SHA1:	C83ACECC2AA11EAA585FFA6512752EF96F826828
SHA-256:	43D8917BBC213AD1DD20088C782CED72AF1AD9A2BB0C4F60216BEFE433529533
SHA-512:	70406763FC98565BFBF420A1288893F5553DAD414158E5A84044742953267BF5751F0F52F7B8CA88A7FEDE2F320CB70BADFE41C8FDD26F24D6A00E98C705D8B2
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 2%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...]p Z.........."...0..`...>.......~... ........@.. ....................................@.................................\|~..O.......':........................................................................... ............... ..H............text....^... ...`.................. ..`.rsrc...':.......<...b..............@..@.reloc..............................@..B.................~......H........8.. E...........}...............................................0...........(.....(.......s....}..... .(...(.....(....o....(....(.....o.....3..s......o....:.......{....s....%.o......o....,j.o....o.....+>.o....t........o ...r...po!...o"........(#...o$...(%...,.......o&...-....u........,...o'.....{.......o(....{.....o)...........J.........{.....0..^........{....o....(+....3I..(,....(-...o.......(/....(0...Y.[(1....(-...o.......(2....(3...Y.[(4...*...0...........{..

C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe.config

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-6NC9Q.tmp\BA002.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1537
Entropy (8bit):	5.181627602435486
Encrypted:	false
SSDEEP:	48:cP02EekibQtMWGKI4YHJyIcsJcJ4YHKJyI+:l2/kPcKI4YpytsJcJ4YqJyt
MD5:	99E28C6E823CE85E96525749460B58A0
SHA1:	AFDEE16DED2A52BC56D9BA5093C587F0248ECEC6
SHA-256:	42871E6438B5CC47A30DD3FF5B2F9B52BC9FEECD2DFA5EAF01A56D6065EF575E
SHA-512:	78D60A95DEAA047EF77E85EA252048C726B29693FA28DBB562E17396ACE5BC4C101562BADF3DC4C752DD5A7D75C9AA1FB25C1E0882065B866A1A766A74C3418B
Malicious:	true
Preview:	<?xml version="1.0" encoding="utf-8"?>..<configuration>..... .. .. .. .....<runtime>...... .. ....<NetFx40_LegacySecurityPolicy enabled="true"/>...</runtime>...<startup useLegacyV2RuntimeActivationPolicy="true">...... .. .. ....<supportedRuntime version="v4.0"/>....<supportedRuntime version="v2.0.50727"/>...</startup>...<appSettings>...... .. .. .. .. ....<add key="OfferServiceHostUrl" value="https://sos.adaware.com"/>....<add key="EventServiceUrl" value="https://flow.lavasoft.com"/>....<add key="ClientSettingsProvider.ServiceUri" value=""/>....<add key="InstallId" value="4bb41e8d-7d0c-42c1-a09d-74b24897eda8"/>...</appSettings>...<system.web>...... .. .. ....<membership defaultProvider="ClientAuthenticationMembershipProvider">....... .. .....<providers>........ .. ......<add name="ClientAuthenticationMembershipProvider" type="System.Web.ClientServices.Providers.ClientFormsAuthenticationMembershipProvider, System.Web.Extensions, Ver

C:\Users\user\AppData\Local\Temp\7zSC67062FB\Microsoft.Win32.TaskScheduler.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-6NC9Q.tmp\BA002.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	303352
Entropy (8bit):	6.146428936546734
Encrypted:	false
SSDEEP:	6144:5G07E8NW93vlxjYULsxwwnpfmEtXqMDYr5vnA+19afZt:BE73vPYULsxwwnpfmEtXqMuvFkf/
MD5:	5B13DE19962A1F69B6ED29ABCAD1E901
SHA1:	E22DA90A8656C2731379CF3EC792ACCDC0B950CD
SHA-256:	26D14050598608F14D8EE65CB3446A5C57B86EE7A429C1C10B6D3FE5DC321353
SHA-512:	6B5F459C2BD6CE3394DE08A0FD96657E85F879A3668C75901624038A23AEA87A2C8CDCF613EECC70A2331A9C958809526C4C284DA705486E013DBC7C65EFA101
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...H.RY.........." ..0................. ........... ...................................@.....................................O.......0...........................`................................................ ............... ..H............text...@.... ...................... ..`.rsrc...0...........................@..@.reloc..............................@..B.......................H........y..$............E...W............................................{......{....V.(......}......}.......0..;........u,.....,/(.....{.....{....o....,.(.....{.....{....o...... .F. )UU.Z(.....{....o....X )UU.Z(.....{....o....X.0...........r...p......%..{.........../...../...-.q/......../...-.&.+.../...o.....%..{...........0.....0...-.q0........0...-.&.+...0...o.....(......{......{......{....r.(......}......}......}........0..S........u1.....,G(.....{.....{....o

C:\Users\user\AppData\Local\Temp\7zSC67062FB\OfferInstaller.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-6NC9Q.tmp\BA002.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	25848
Entropy (8bit):	5.572877039684841
Encrypted:	false
SSDEEP:	384:M+4mFeZm7y5dOSxzHwU18Q7/mA83ptYcF0Kc03Ks8n+YPLbY+lzL:M/o7y5dOMzQUiA8ZtYcF0Kc6Ks8+0/lv
MD5:	B4744A5699F0F78C231D1505D21AFB0A
SHA1:	230A6C84A6535102A7BC86512EEF9C084E277AEC
SHA-256:	66FBB836C78A4B025036A76E0F352582740948072D9D591043D308117C5D6B92
SHA-512:	1BBFC7A142AD7310E91F915C2B8A3CA57163C51C08F2E12E668CD3EAE498457881585B5B5DA345658FA7E93070EACA81597E258B394AE02E199FE6661D75F100
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 3%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...\p Z.........."...0......:.......0... ...@....@.. ....................................@..................................0..O....@...6...........N..............l/............................................... ............... ..H............text........ ...................... ..`.rsrc....6...@...8..................@..@.reloc...............L..............@..B.................0......H........"...............................................................0..P.......(...........s....o......r...pr...p.s......s......o.....o....%(....(...+..o......r+..p..(....(....(.....o.......,..o........,..o......o....(....-..o....r7..p(....+.rW..p.(...........o....o ....ru..p..$...(!...(.....o"...(#...($....o....o%...&.(&....L..(......o'...r...p..o(...()...(......(.....(....r...p(+...(,...r...p(+.... ....(-...Ad......0...>...n...............)...Q...z...................

C:\Users\user\AppData\Local\Temp\7zSC67062FB\OfferInstaller.exe.config

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-6NC9Q.tmp\BA002.exe
File Type:	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	1093
Entropy (8bit):	5.091088372767926
Encrypted:	false
SSDEEP:	24:JduG/mh9jnk3Jc3J4YH33Jy34OqsJ+J4YHKJy34OOT:30nnKS4YHJyILsJ+J4YHKJyIvT
MD5:	DD39824ADEB4FF5BCDA330F48A1777B9
SHA1:	EE46838177B0CD7E17C77F1FADB2A516A960AF12
SHA-256:	D31388110FFDEF2AC150BDF02E69EBF81895D2B0EC8400558601A9E498E05DFC
SHA-512:	79BA2C8605C359BC4E4FA10550F4771C3DF77EF395CB1D9F4014925FC885225331E9F2915AEF071D4394845D79126166719AD82AFD51116FD796F55D46101BBB
Malicious:	false
Preview:	.<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <runtime>.. <NetFx40_LegacySecurityPolicy enabled="true" />.. </runtime>.. <startup useLegacyV2RuntimeActivationPolicy="true">.. <supportedRuntime version="v4.0" />.. <supportedRuntime version="v2.0.50727" />.. </startup>.. <system.web>.. <membership defaultProvider="ClientAuthenticationMembershipProvider">.. <providers>.. <add name="ClientAuthenticationMembershipProvider" type="System.Web.ClientServices.Providers.ClientFormsAuthenticationMembershipProvider, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" serviceUri="" />.. </providers>.. </membership>.. <roleManager defaultProvider="ClientRoleProvider" enabled="true">.. <providers>.. <add name="ClientRoleProvider" type="System.Web.ClientServices.Providers.ClientRoleProvider, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" serviceUri="" cache

C:\Users\user\AppData\Local\Temp\7zSC67062FB\WizardPages.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-6NC9Q.tmp\BA002.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	58104
Entropy (8bit):	5.574131051536826
Encrypted:	false
SSDEEP:	768:6qctE6OVHn3bDkdC+Ya/uMloameNmNDYz+0/02:6qcOVPklpqadyDYl82
MD5:	25F08F3D68A79554CCF75EC08D1D8820
SHA1:	2C0BCC8C215D4CA15E1EAE33D1BF372C2B0C8C8B
SHA-256:	AB14AC1D6645CC1470C4177E6E838F2475D7C1DAAC375DD25DD49D1D29D249ED
SHA-512:	0186E8EC44E5BBB4327B51ADD76EC8AA3D0529AEA0BBB8545EAE1F6355F2E02F06126C0C54465A82190942EC87BB95B4A7C92B8A4F6540763EF219ACE923DA4A
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 5%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...Op Z.........." ..0.................. ........... .......................@......p.....@.....................................O............................ ......T................................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B........................H........}...[..........................................................>...(.....(......(....o....,..(....o....o.........0...........{....o....,/.{....o....,".(....o....,..(....o....r...po.....{....o....,F.{....o....,9.(....o....,,.(....o....o....(....-..(....o....o....(....(....o.....(....z.,..{....,..{....o......(....*..0...........s....}.....s....}.....s....}.....s....}.....{ ...o!....{"...o!....{#...o!....{$...o%....(!....{"...o&....{....o'....{"...o&....{....o'....{

C:\Users\user\AppData\Local\Temp\7zSC67062FB\de\DevLib.resources.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-6NC9Q.tmp\BA002.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	4096
Entropy (8bit):	3.450102420013877
Encrypted:	false
SSDEEP:	48:6wQau9KYa5QHb/bmlR40PQWqb7BpS7LSkjnpAkdznwUJ0LcOc:wEQjSlRj+RaZdzwU2Iz
MD5:	9C30F5969E8C131EDD9C14870748AB67
SHA1:	FD372AA55B56077CC48932A1E48B262A549AA336
SHA-256:	8F2ACD179C0A9A52F01B7FD4E1D2A5422EEEC46F97DAEA59BD55AFF8E75EC77E
SHA-512:	DB862DAAD8C618EFC356F6CA3E452EFEFAF1F59D3570CD668EA9D1B68D8CE12C5D3E16DDB5EC18627516DEA012035361B9ED8E8A754C699CB14875329C95BA2B
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...Np Z...........!.................&... ...@....@.. ....................................@.................................L&..O....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................&......H........#..H...........P .............................................................lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADPf.......p...].ec..................L........C.a.n.c.e.l.M.e.s.s.a.g.e.....(C.a.n.c.e.l.M.e.s.s.a.g.e.C.a.p.t.i.o.n./...@C.a.n.c.e.l.M.e.s.s.a.g.e.L.a.s.t.S.c.r.e.e.n.O.f.f.e.r.P.a.g.e.8....C.o.u.l.d.N.o.t.D.o.w.n.l.o.a.d.M.e.s.

C:\Users\user\AppData\Local\Temp\7zSC67062FB\en\DevLib.resources.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-6NC9Q.tmp\BA002.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	4096
Entropy (8bit):	3.40565817824893
Encrypted:	false
SSDEEP:	48:6wQqyC9KYag3vLV/SumlR40PI8qb7BBS7LSkjnpAkdznwUJ0LcOc:icV3vLV/alRJ+5aZdzwU2Iz
MD5:	9B2C1B850E4A0CA8BDBC5BC7DCAD72C7
SHA1:	717C2294FED24006C1B00B5BF21F4C117411EECD
SHA-256:	80E61A5769A0D2645CEC809567C0408DC97A42754E1083AC90C644DD9CF6B3E6
SHA-512:	991EFFCBF2A42968C176314645515A727DCAB2CD440015EDB75E933F2EEF487F0DF8880CC990A2111917C2E03E475EB49B7F411695F418FC77FC16563AF016D0
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 2%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...Np Z...........!.................&... ...@....@.. ....................................@.................................4&..W....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................p&......H........"..H...........P .............................................................lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADPf.......p...].ec..................L........C.a.n.c.e.l.M.e.s.s.a.g.e.....(C.a.n.c.e.l.M.e.s.s.a.g.e.C.a.p.t.i.o.n."...@C.a.n.c.e.l.M.e.s.s.a.g.e.L.a.s.t.S.c.r.e.e.n.O.f.f.e.r.P.a.g.e.+....C.o.u.l.d.N.o.t.D.o.w.n.l.o.a.d.M.e.s.

C:\Users\user\AppData\Local\Temp\7zSC67062FB\es\DevLib.resources.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-6NC9Q.tmp\BA002.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	4096
Entropy (8bit):	3.409634995101771
Encrypted:	false
SSDEEP:	48:6wQqyC9KYag3vye5SumlR40PFcqb7BBS7LSkjnpAkdznwUJ0LcOc:icV3vye5alRq+5aZdzwU2Iz
MD5:	3875A76EBDD113524E5DC3B4276FEC67
SHA1:	A606A0AF593B918DC5DC05AFFA154EB22B7A551E
SHA-256:	562C2B0800CDC27B6EE52DF8B068A2BD4B41C8D8FB5133B3DBB76B3E5EA50B76
SHA-512:	722B410BD815B58FD8D9D3FB7B62BCD6BE75B50A2B7AD2673E3475F6B58919607A0D733744899EB9C72E2EF72207EA4BC070A4E24181A517CDB312AFD6B19F7B
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 2%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...Np Z...........!.................&... ...@....@.. ....................................@.................................4&..W....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................p&......H........"..H...........P .............................................................lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADPf.......p...].ec..................L........C.a.n.c.e.l.M.e.s.s.a.g.e.....(C.a.n.c.e.l.M.e.s.s.a.g.e.C.a.p.t.i.o.n."...@C.a.n.c.e.l.M.e.s.s.a.g.e.L.a.s.t.S.c.r.e.e.n.O.f.f.e.r.P.a.g.e.+....C.o.u.l.d.N.o.t.D.o.w.n.l.o.a.d.M.e.s.

C:\Users\user\AppData\Local\Temp\7zSC67062FB\fr\DevLib.resources.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-6NC9Q.tmp\BA002.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	4096
Entropy (8bit):	3.492003999715567
Encrypted:	false
SSDEEP:	48:6wQK69KYaj20icbIVJNmlR40PJQgqb7B5S7LSkjnpAkdznwUJ0LcOc:Um2WKJIlRWg+BaZdzwU2Iz
MD5:	03F7047A3B237E021FC335656709D598
SHA1:	CA0257B4D7445F48C1F3AD676372107B9DFEA8B5
SHA-256:	18E38B17A644F0334C0B2E90E31DBB16EEC690EBFEBEB2FECBEA83DC4F4EEE35
SHA-512:	010C4F47B01CC2CD2E1B9B5821BA5EA051B02F1F09EB003207D3576614F3D8421065B23AD023CE5DCA3D9856EC80901178B7E90C42137346E854D60DF0AC5294
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...Np Z...........!.................&... ...@....@.. ....................................@.................................\&..O....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................&......H........#..H...........P .............................................................lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADPf.......p...].ec..................L........C.a.n.c.e.l.M.e.s.s.a.g.e.....(C.a.n.c.e.l.M.e.s.s.a.g.e.C.a.p.t.i.o.n.%...@C.a.n.c.e.l.M.e.s.s.a.g.e.L.a.s.t.S.c.r.e.e.n.O.f.f.e.r.P.a.g.e.0....C.o.u.l.d.N.o.t.D.o.w.n.l.o.a.d.M.e.s.

C:\Users\user\AppData\Local\Temp\7zSC67062FB\installer.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-6NC9Q.tmp\BA002.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1626360
Entropy (8bit):	6.54106210872876
Encrypted:	false
SSDEEP:	49152:4cyczrbk6H/TNifx4KZsv6nAKF6YmmHgBl5cwZZJvHyi+E+6TTY:4c5/vh2NmmAL5HJvC
MD5:	4D66DE397B5BF1F085AA7046A578A34C
SHA1:	F0C58079D03C27E0E2108204DCAF463CAFA32A9C
SHA-256:	DA927CC761D621255F0FB6F51BCD240AF3220B6F8B1E53ECA54D25676AAFCE2E
SHA-512:	55612FFA8F2EC2CB2D18D238F2B6FA31E529D9AA25AD4CB6916C89C8A9D86D517C28C5BAC8C13665E7A4F3BB61CD6A8660FA6737BCA97A5325FC072FB92CC6B4
Malicious:	true
Preview:	MZ......................@...................................0...........!..L.!This program cannot be run in DOS mode....$.........X...6...6...6.It...6.It.I.6.It...6.cH...6..5...6.......6.j.3...6...3...6..3...6..2...6.......6.j.2...6.....6...7...6.h.?...6.o....6.....6.h.4...6.Rich..6.........PE..L...gp Z............................6.............@.......................... ......:.....@..............................................0......................,...p...p...................<...........@...............(............................text...v........................... ..`.rdata..:...........................@..@.data..............................@....gfids...............j..............@..@.tls.................t..............@....rsrc....0.......2...v..............@..@.reloc..,...........................@..B........................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\BurnAware Free.log

Download File

Process:	C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe
File Type:	ASCII text, with very long lines (3019), with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8209
Entropy (8bit):	5.507618367208205
Encrypted:	false
SSDEEP:	96:175GpHSdzJ58eIOI8k5IIcsAHSd2B+flHRgDpRZpzW9c50NfgY:VbekY
MD5:	006DEC90C3BCC7E439E74945BD42C3CC
SHA1:	4D543B6C9FEF243D449C1DA2546AEAB1821BE5B6
SHA-256:	7EE66A26C66A13CE09390DE38DCF085A018B630DDDC1EA33F1B644417E6CDE7E
SHA-512:	38C0576B5228DA5021E7AD8EB2757B95164BFE08995811792A98087DF2B1B72C799A97E7ED8DFD1DCF3207B08B922C2D05AADFA3F3C94F9158322BE2AB4E784D
Malicious:	false
Preview:	2024-07-11 13:39:37,798 [INFO] ========================= LogWriter initialized ==========================================================..2024-07-11 13:39:37,829 [INFO] Command line arguments: ..2024-07-11 13:39:37,829 [INFO] admin access right =True..2024-07-11 13:39:37,845 [INFO] admin access right =True..2024-07-11 13:39:37,939 [ERROR] System.IO.FileNotFoundException:C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe. at System.Diagnostics.FileVersionInfo.GetVersionInfo(String fileName).. at DevLib.Service.SystemService.GetBrowserVersion(String filePath, String registryKey, Boolean isIE)...2024-07-11 13:39:38,407 [INFO] add send event to queue : BundleInstallStart..2024-07-11 13:39:40,017 [INFO] SendEvent Request ProductID:IS, Type:BundleInstallStart, EventServiceUri:https://flow.lavasoft.com, RequestData:[{"InstallId":"4bb41e8d-7d0c-42c1-a09d-74b24897eda8","MachineId":"3aa236c3-0d1c-f177-4920-1c2be2581f0b","BundleId":"BA002","BundleVersion":"2.0.0.53

C:\Users\user\AppData\Local\Temp\WD19EF.tmp

Download File

Process:	C:\Program Files (x86)\BurnAware Free\BurnAware.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	4
Entropy (8bit):	2.0
Encrypted:	false
SSDEEP:	3:Lon:U
MD5:	5D93F7609C95588E766CE570E9B035A2
SHA1:	F7DF1F17161D990C0D289F62611C665226A6DDB8
SHA-256:	937C934F90F209E92D7EBF87A22C89305DD21799BE84D6B7FB21AA907E3E3B8C
SHA-512:	EDB6D326BE13C5EC14692748895D31281E08DA3F3ECB6A1EA08F287EA1AAD64723A08CB8C78FDE33515AED9BB663AE9B11C38A1E3B01273D8D01C32BCABCD933
Malicious:	false
Preview:	17.9

C:\Users\user\AppData\Local\Temp\is-6NC9Q.tmp\BA002.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	894336
Entropy (8bit):	7.866668144054505
Encrypted:	false
SSDEEP:	24576:fG50ZfFK0lyhTtemSv0TOqMOyiBuO4N7lXfk9/ljhhJT:fG5Ufg0U4dO/BuVN7tMhpJT
MD5:	9AA0F5A7FBC6F7A2E6FEAF78F8E6B7D7
SHA1:	AA6D766912112809FD0849DBE6171D5BD4975B17
SHA-256:	234E86126EADCD7519D481BE72BA486DDCB5C03361A85512120ACAA540221C94
SHA-512:	A1A7DD19F29815C9D42BAC3C970490950BD5BAE5FF083614011A4B367282B3BE09405C83B9269101701280F403F76856DF6970C0612A8FE5F3A59B8F7C3CD817
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........W..s...s...s..c}...s..Yy...s..w,...s...r./.s..w....s..Yx...s.......s.......s.Zyu...s.Rich..s.................PE..L.....M........../..................H............@.............................................................................d....p..h7...........................................................................................................text............................... ..`.rdata...D.......F..................@..@.data...hZ.......2..................@....sxdata......`......................@....rsrc...h7...p...8..................@..@........................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\is-6NC9Q.tmp\_isetup\_setup64.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp
File Type:	PE32+ executable (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	6144
Entropy (8bit):	4.720366600008286
Encrypted:	false
SSDEEP:	96:sfkcXegaJ/ZAYNzcld1xaX12p+gt1sONA0:sfJEVYlvxaX12C6A0
MD5:	E4211D6D009757C078A9FAC7FF4F03D4
SHA1:	019CD56BA687D39D12D4B13991C9A42EA6BA03DA
SHA-256:	388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
SHA-512:	17257F15D843E88BB78ADCFB48184B8CE22109CC2C99E709432728A392AFAE7B808ED32289BA397207172DE990A354F15C2459B6797317DA8EA18B040C85787E
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......^...............l...............=\......=\......=\......Rich............................PE..d.....R..........#............................@.............................`.......,......................................................<!.......P..H....@..0.................................................................... ...............................text............................... ..`.rdata..\|.... ......................@..@.data...,....0......................@....pdata..0....@......................@..@.rsrc...H....P......................@..@................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1255424
Entropy (8bit):	6.4851648915335725
Encrypted:	false
SSDEEP:	24576:cnbbPImgK4brDi4IxgRqzwqNb+Yz73P2EMZbG0JEt7Afjqx9zq:KHeKh4nqzF3PYdStuW4
MD5:	B3937B0F947BBEB9F93859803C6FD14E
SHA1:	3FE9D0FC391A4654CEEC11DC549EBE979833D2B4
SHA-256:	0797FB9E4B8B19AF03DDE10BCF2498A605BF31CFC0E7E92BC775177EBB64A070
SHA-512:	58C66270D6662C1E8F5D2992E863D7D088D118550CB7AA706F8641EA26530674BB034BA1637378004CDFADC89F27970E10EBF68C1BF07D4E4497B1571AC4913D
Malicious:	false
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L...Rm"[.............................%.......0....@.......................................@......@..............................@8...@.......................................................0.......................................................text............................... ..`.itext.............................. ..`.data....0...0...2..................@....bss.....a...p.......L...................idata..@8.......:...L..............@....tls....<.... ...........................rdata.......0......................@..@.rsrc........@......................@..@....................................@..@........................................................................................................................................

Chrome Cache Entry: 134

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 220 x 300, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	65792
Entropy (8bit):	7.993995625349791
Encrypted:	true
SSDEEP:	768:aZt6pEAyGS7YyLu0nVnKj92dmqOHf4waRo62R+TJ7Ft7ckYctbEFT29BnvUuJV3Z:aZbGIYl0VnKjlqaZR++cc6ncubAOL
MD5:	8380E9CFAC2EEF537BA1817D2770C3FC
SHA1:	BACD15221CF8D9E3BED2C82AB1BB1C3670C8F35C
SHA-256:	815E49043B0305D92F09CB5DB2C81F1F06654A92055B69A526967871CE6C1C7D
SHA-512:	243B9234FFBB9CF56DA52040C40B3869C2178793D8C2AE9E166449BD9A3BC4E7753AD6BAE0CEE939802ED39B8F14418F6BE0F4A2FE5863861CFCE8617EF183CA
Malicious:	false
Preview:	.PNG........IHDR.......,........,....tEXtSoftware.Adobe ImageReadyq.e<..."iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)" xmpMM:InstanceID="xmp.iid:5B3E8449F02711EEB6498B5DC7D4AD46" xmpMM:DocumentID="xmp.did:5B3E844AF02711EEB6498B5DC7D4AD46"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:5B3E8447F02711EEB6498B5DC7D4AD46" stRef:documentID="xmp.did:5B3E8448F02711EEB6498B5DC7D4AD46"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>LG.....tIDATx..y.$.u................. .. @..H......L...l.!.A....C.D...[......@..@........fvw.gz....\|.._f~gfv/..

Chrome Cache Entry: 135

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (3205)
Category:	downloaded
Size (bytes):	21618
Entropy (8bit):	5.519433349121683
Encrypted:	false
SSDEEP:	384:FqhojxtJKN5L+cLsb5VB2dfqrKzDvibF3rC0fBoYV7fgMQCCJlXLX6x6bLTaRoy2:8hojx+N1+swySr8DviRbX5oYV7fgMQlh
MD5:	66C90F7DCB91215BD99D1DFF373CCF70
SHA1:	8590FFDBD622DDA97514FBC0AC0EA21AD807FACF
SHA-256:	071A4D7A67EC2E3A5B53938C8932DEA92B4FCDC1FFB09AB0D25098CFCAA061AB
SHA-512:	A750DFFC7E69725E1375FE955A63BA91801814667FE63C6B706E75CACCFC49AF9FE589A151E3EAF1EDF9BCD29181EAF043DB76B800A6188924F9C6AFCDC2D122
Malicious:	false
URL:	https://tpc.googlesyndication.com/pagead/js/r20240709/r20110914/client/qs_click_protection_fy2021.js
Preview:	(function(){'use strict';var aa=typeof Object.defineProperties=="function"?Object.defineProperty:function(a,b,c){if(a==Array.prototype\|\|a==Object.prototype)return a;a[b]=c.value;return a};function ba(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");}var ca=ba(this); .function da(a,b){if(b)a:{var c=ca;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&b!=null&&aa(c,a,{configurable:!0,writable:!0,value:b})}}da("Symbol.dispose",function(a){return a?a:Symbol("Symbol.dispose")});/* . . Copyright The Closure Library Authors. . SPDX-License-Identifier: Apache-2.0 .*/ .var n=this\|\|self;function q(a,b){a:{var c=["CLOSURE_FLAGS"];for(var d=n,e=0;e<c.length;e++)if(d=d[c[e]],d==null){c=null;break a}c=d}a=c&&c[a];return a!=null?a:b}fu

Chrome Cache Entry: 136

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 970 x 250, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	6554
Entropy (8bit):	7.8094607869092885
Encrypted:	false
SSDEEP:	96:dttS95fccmex/fpT+03yZZyov0ChNGAgxdBot3B2F9miu2hLFpPghJtgxuTcBayi:RNexHpq8wJNHgxdBopBMEiu2hLuABvxQ
MD5:	F86BD3DA194896F2EDE33571A9ED4160
SHA1:	E5801AC75A8ECAED85CF3029492879B86177410A
SHA-256:	2117A476BFC924CE58F6AD26194CFA532379C909C29CC3114220EAC97B31F211
SHA-512:	8710CB9FCB84E426DDD6C13859F2C1947E2E684849FD2C954BA291CCE1FF132C6CB5D93739295A711B4BE9A249297F408F1EF5EB2E147CB1D336069B92400391
Malicious:	false
URL:	https://tpc.googlesyndication.com/simgad/17424121229866610403?sqp=4sqPyQQrQikqJwhfEAEdAAC0QiABKAEwCTgDQPCTCUgAUAFYAWBfcAJ4AcUBLbKdPg&rs=AOga4ql1fDTXAt8275a3l0x_OHmOINlDrw
Preview:	.PNG........IHDR.............N#N6...qPLTE..X.h, ```................@@@........................ppp....m...000....PPP...........c...CMVy...............m.......b...........(3>^fn............l..m....{F.....w..6@J..x..5@J....ksz........oooPYb.........w..x..a............x.............{G.r:..T___......QYb....w.......{]fn.........w........................S....{..n..T......x...^.A....IDATx..{.6...#.O..m.R,K....L.g\S..4.i........^..Gb..../r#...y.P.H.....R.+................................................................................z....[{.W......5...........[..........<T.V..?(.......E...dY...Vvu..=...?hm..#....K.].r.\H....W....W..n<...'.O.R.>aI.2.[.,.~.Ju=OP.u.\|...m..\...y....~9.../?X5G`.J.m..{.WyX.....8<].C.Y.%Q...>q..\).....vu...Av.G..WVW.....y.e^.$....]..Jl.S....^v..(s...r.u..?.$.v\|..oL.r.o......$..m'6K#.a......'W.~U.Z']..d3....z+ei.h..r.{.'.7>.....^+N.........a.[.P9.k.>.{..a.B..<..(.~3..........\.5o.j...

Chrome Cache Entry: 137

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	114703
Entropy (8bit):	6.056430571556089
Encrypted:	false
SSDEEP:	3072:tzoL0U71itz8cBrkfHDHQta8XOrD+PSXC9c72A8nqn:tzc0Uotz8cB4fHDHQo8XOuPSXC2qE
MD5:	D3754AB24FB3BCA437314512172D37A6
SHA1:	A803744CE9A4C6B58DF78EB98D50F614FCAE287E
SHA-256:	FBCB88B55D3B8BE6CB22375012059A7B14DAD9F07898572C8E3FF2BC50EE4AF6
SHA-512:	FC9DD0472F63F02B6E540D482F7299C40E2F9812AD38139E4BB596832D847D4716CCE40E8899104FEDB852FC30D5D54BD1BE2E90B474458BF01280715D0ADC14
Malicious:	false
URL:	https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7659414764356284&output=html&h=280&slotname=1141602494&adk=1033356805&adf=3132389021&pi=t.ma~as.1141602494&w=930&abgtt=3&fwrn=4&fwrnh=100&lmt=1720442382&rafmt=1&format=930x280&url=https%3A%2F%2Fwww.burnaware.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE3LjAuNTkzOC4xMzIiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjExNy4wLjU5MzguMTMyIl0sWyJOb3Q7QT1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTE3LjAuNTkzOC4xMzIiXV0sMF0.&dt=1720719598740&bpp=5&bdt=514&idt=1554&shv=r20240709&mjsv=m202407080101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&correlator=8080801241025&frm=20&pv=2&ga_vid=2144220585.1720719599&ga_sid=1720719600&ga_hid=1775643552&ga_fc=1&u_tz=-240&u_his=1&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&dmc=8&adx=44&ady=997&biw=1017&bih=870&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C95334511%2C95334525%2C95334578%2C95334828%2C95337195%2C31078663%2C31078665%2C31078668%2C31078670&oid=2&pvsid=4020171120520066&tmod=1184573214&uas=0&nvt=1&fc=896&brdim=10%2C10%2C10%2C10%2C1280%2C0%2C1050%2C964%2C1034%2C870&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1.02&td=1&tdf=0&psd=W251bGwsbnVsbCxudWxsLDNd&nt=1&ifi=1&uci=a!1&btvi=1&fsb=1&dtd=1583
Preview:	<!doctype html><html><head><script>var jscVersion = 'r20240709';</script><script>var google_casm=[];</script><style>a { color: #000000 }.img_ad:hover {-webkit-filter: brightness(120%)}</style><script></script><script>window.dicnf = {};</script><script data-jc="42" data-jc-version="r20240709" data-jc-flags="["x%278446'9efotm(&20067;>8&>`dopb/%<1732261!=\|vqc)!7201061?'9efotm(&20723;>:&>`dopb/%<1245;05!=nehu`/!361:<320!9sqrmy"]">(function(){'use strict';/* Copyright The Closure Library Authors. SPDX-License-Identifier: Apache-2.0 */ var u=this\|\|self;function v(a,b){a:{var c=["CLOSURE_FLAGS"];for(var d=u,e=0;e<c.length;e++)if(d=d[c[e]],d==null){c=null;break a}c=d}a=c&&c[a];return a!=null?a:b};var aa=v(610401301,!1),ba=v(188588736,v(1,!0));var w;const ca=u.navigator;w=ca?ca.userAgentData\|\|null:null;function x(a){return aa?w?w.brands.some(({brand:b})=>b&&b.indexOf(a)!=-1):!1:!1}function y(a){var b;a:{if(b=u.navigator)if(b=b.userAgent)br

Chrome Cache Entry: 138

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 400 x 242, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	29677
Entropy (8bit):	7.982029005988853
Encrypted:	false
SSDEEP:	768:juglck2MIQzWHwp2fNUVDWTzKcGvT5HeMhAb4:juglckGQiHw0f6ViTzKxT5Hp6b4
MD5:	79C4F06DA043A8443F427F6C653B50FF
SHA1:	8DF9998792FDF271272E2EC30A1C497999541150
SHA-256:	0314BA4F5BD1A7A6B9AD1D09D078379ADDE0A946511A322DEB13930E96F08326
SHA-512:	C629FBBE40B51954A3664CD2CDE333BE78DC643FCC5607E1A5DB1E4C7EF939E134F716A819C040A3CF135C1E7304A17B4B6EF342529CD50788EB4932EF0E54E0
Malicious:	false
URL:	https://www.burnaware.com/images/free_burning_software.png
Preview:	.PNG........IHDR.............c..)....tEXtSoftware.Adobe ImageReadyq.e<..."iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)" xmpMM:InstanceID="xmp.iid:DEECC3DDEB9E11EE88B38ED82BBDD07C" xmpMM:DocumentID="xmp.did:DEECC3DEEB9E11EE88B38ED82BBDD07C"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:DEECC3DBEB9E11EE88B38ED82BBDD07C" stRef:documentID="xmp.did:DEECC3DCEB9E11EE88B38ED82BBDD07C"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>..d...paIDATx..ipd.u&............vV.E.I..I..%Q...<.........pG...O.{.GO.DL.#<m;.Yl.l.-k.&..}.*....Ba..D.....r{...b-..

Chrome Cache Entry: 139

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	963
Entropy (8bit):	7.692474306064967
Encrypted:	false
SSDEEP:	12:6v/7iftsv5XOywPbABts4u/vPF1q23kutNgQZ6qskjOYRQg+JkScAx9eb4mdoenO:JMXOFkBts4u/vZfJEkI9eEmdo6m35j3h
MD5:	1EF7C00920BEE9B4AE49BB44FD4EA4DB
SHA1:	831FDD6AF695216E602E674FABBB93AA5A0D7941
SHA-256:	731E6A3FB0556ADEDEA2B0F0179B76E3940973100F47F13F2875684E9641A1A3
SHA-512:	72399137A459451D23C26EC2AF2AE1DB79DB3074E41298EA97C34059E00B072578878D6F1466075B8D49C9BA91AB521BEC029A89DDCDDFE91C4727738526640C
Malicious:	false
Preview:	.PNG........IHDR... ... .....szz.....sBIT....\|.d....zIDATX..VmL[U.~.{K....hK(.`.R..!..e4.bdls...O.......0q.....L../]gX..:C4.\|dk.Aa.[..BM..m.=.....K..1>.{......K.........D......P...0.........6i^^J.L&.........M..HOD...D.O.9.r....^.=.....&.......m..32a0.....h.@TRb.+..<...e~!wbb.IA.80.<@V.]....M.......-.......\|4.......N...g...9...t....OO3....v.)=..r9a........Pd.....@...%"....B..FDUa.!...S...& !....rr.@D,Z}<.bu\..~....V.....7~.h..b...}..i..\|.B....DR...1....F.....[..(^.Cw........./.....1!y.JE@...9...+.u^.W.X..H.=...:...\|...s...nxF*m..xcR.@@......UW....9<m......../...`." ......9U....s\|..!..7....o}p..Q.....&..7.6e.....\|1W...j3.[..'.....s_.......O...............!qL..4.jl..$.o/...yy...2..P..S443x.p.\|ckC.k.g..I[3.fl.L.P..h..5KE..J.^.E\|6{...;.g}...kr.L.....mcI.V+.k.....R.".X.sY%...u..Z..\...P)T....R.[x.6..h6.\|......@.".o....Vf/........49..At@q.o.....s......!OJ..d>...K....b....:..b.A...T.;..Z.,Q>.....IEND.B`.

Chrome Cache Entry: 140

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (2020)
Category:	downloaded
Size (bytes):	12817
Entropy (8bit):	5.34459161517544
Encrypted:	false
SSDEEP:	192:Gq6KPV24ZKs86O/DfVcOfFmI46coWCTGdhFKdbsWkzY:GkxI603wI46xWSGdhUr
MD5:	1D3D22DF067F5219073F9C0FABB74FDD
SHA1:	D5C226022639323D93946DF3571404116041E588
SHA-256:	55A119C0394F901A8A297E109C17B5E5402689708B999AB10691C16179F32A4A
SHA-512:	0B6B13B576E8CC05BD85B275631879875A5DBCB70FD78E6C93B259317ED6FD5D886F37D0CC6E099C3D3A8B66FEA2A4C2C631EB5548C1AB2CD7CB5FA4D41EA769
Malicious:	false
URL:	https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Preview:	<!DOCTYPE html>.<meta charset=utf-8><script>.(function(){/.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0./.'use strict';function m(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}var p="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,d){if(a==Array.prototype\|\|a==Object.prototype)return a;a[b]=d.value;return a};.function aa(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var d=a[b];if(d&&d.Math==Math)return d}throw Error("Cannot find global object");}var r=aa(this),u="function"===typeof Symbol&&"symbol"===typeof Symbol("x"),v={},w={};function x(a,b){var d=w[b];if(null==d)return a[b];d=a[d];return void 0!==d?d:a[b]}.function y(a,b,d){if(b)a:{var e=a.split(".");a=1===e.length;var g=e[0],k;!a&&g in v?k=v:k=r;for(g=0;g<e.length-1;g++){var c=e[g];if(!(c in k))break a;k=k[c]}e=e[

Chrome Cache Entry: 141

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 970 x 250, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	26694
Entropy (8bit):	7.941722511906287
Encrypted:	false
SSDEEP:	768:OgkZbhg187kDK1z4bXRAnTggRZa562VJqSm3K9ivHQ:MlhJwDKShATDRWJI3K9ivw
MD5:	63E3E29DAE3AAB9D346A3275CBF9C5D7
SHA1:	9DF1EEE46392E83FA5DB78197516133F0E0638BF
SHA-256:	518614C5B1378A48A284B99AC0403F37E69F1B500F1A447D08523D7523C365F1
SHA-512:	B0133DF208C2124A8636CADF20B5FCE772CB7B77530983960EDA7BF939DF4254A00D76DDA247E99863D766AFC0EDC493FAE998ED5AD8210172DAA573BD09E5F3
Malicious:	false
Preview:	.PNG........IHDR.............y.......pHYs.................sRGB.........gAMA......a...g.IDATx.......6.....6.......QV..o.e1QAof4hPA..7.........`.Ee$..E......B..Y...Bdu!12.A.............Tw....~..tf.>U..<.;K.....BDDDDDDD.p........Q..2.........2.........2.........2.........2.........2.........2.........2.........2.........2.........2.........2.........2.........2........q..3.q}.g...\.ML.}..n....tz....r9......s.g..H.........&9.a.p...N....o(....Q..'.+......>X...*..N.0JN.g...%....J.=.>...K...../,...T..L....._.w....Wm..-g..k./$.kY.A..:...W.7..../;.'-ZH...... ...K6.......XQ&""""""..]Q.P.i....qG9H....m......r..^...._..4.........Zu;+......=.....E.M......._..U...........k.....h.......h..~.:.......K..f...l.h..0.n..f6....u..TDDDDDDD.wf.\|X....D...v.&"""""".aP&""""""......{.......(..g?(>..5.........2.........2.........2.........2.........2........q.....DvP.V.-h+DDDDDDD.t..^....d..(...r..`........e..E.j2..........A........A........A........A........A......A.......}BDDDD.

Chrome Cache Entry: 142

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65245)
Category:	downloaded
Size (bytes):	72380
Entropy (8bit):	5.291235892642397
Encrypted:	false
SSDEEP:	1536:KDFXTRMYFbeDtyZxg6V4mMeexs1Lzu3JlQ5uCe/ZiEm4kWpfBogmzmPx3SgQ47Gl:AuIy3JlQ5cF7m+SgQ47GKA
MD5:	FB8409A092ADC6E8BE17E87D59E0595E
SHA1:	CF8D9821552D51BB50CE572E696ABA1309065800
SHA-256:	E3E5F35D586C0E6A9A9D7187687BE087580C40A5F8D0E52F0C4053BBC25C98DB
SHA-512:	FC35D35EBEA742874C522ABE2142580ADD8F3CE523AC727DC05AEAA49DD79203CD39955F32893B711C3A092C72090C579FAA339444AC4A1D7FB0C093175ACBFE
Malicious:	false
URL:	https://www.burnaware.com/js/jquery-3.5.1.slim.min.js
Preview:	/! jQuery v3.5.1 -ajax,-ajax/jsonp,-ajax/load,-ajax/script,-ajax/var/location,-ajax/var/nonce,-ajax/var/rquery,-ajax/xhr,-manipulation/_evalUrl,-deprecated/ajax-event-alias,-effects,-effects/Tween,-effects/animatedSelector \| (c) JS Foundation and other contributors \| jquery.org/license /.!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(g,e){"use strict";var t=[],r=Object.getPrototypeOf,s=t.slice,v=t.flat?function(e){return t.flat.call(e)}:function(e){return t.concat.apply([],e)},u=t.push,i=t.indexOf,n={},o=n.toString,y=n.hasOwnProperty,a=y.toString,l=a.call(Object),m={},b=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType},x=function(e){return null!=e&&e===e.window},w=g.document,c={type:!0,src:!0,nonce:!0,noModule:!0};function C(e,t,n){var r,i,o=(

Chrome Cache Entry: 143

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 400 x 242, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	29677
Entropy (8bit):	7.982029005988853
Encrypted:	false
SSDEEP:	768:juglck2MIQzWHwp2fNUVDWTzKcGvT5HeMhAb4:juglckGQiHw0f6ViTzKxT5Hp6b4
MD5:	79C4F06DA043A8443F427F6C653B50FF
SHA1:	8DF9998792FDF271272E2EC30A1C497999541150
SHA-256:	0314BA4F5BD1A7A6B9AD1D09D078379ADDE0A946511A322DEB13930E96F08326
SHA-512:	C629FBBE40B51954A3664CD2CDE333BE78DC643FCC5607E1A5DB1E4C7EF939E134F716A819C040A3CF135C1E7304A17B4B6EF342529CD50788EB4932EF0E54E0
Malicious:	false
Preview:	.PNG........IHDR.............c..)....tEXtSoftware.Adobe ImageReadyq.e<..."iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)" xmpMM:InstanceID="xmp.iid:DEECC3DDEB9E11EE88B38ED82BBDD07C" xmpMM:DocumentID="xmp.did:DEECC3DEEB9E11EE88B38ED82BBDD07C"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:DEECC3DBEB9E11EE88B38ED82BBDD07C" stRef:documentID="xmp.did:DEECC3DCEB9E11EE88B38ED82BBDD07C"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>..d...paIDATx..ipd.u&............vV.E.I..I..%Q...<.........pG...O.{.GO.DL.#<m;.Yl.l.-k.&..}.*....Ba..D.....r{...b-..

Chrome Cache Entry: 144

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (4179)
Category:	downloaded
Size (bytes):	213332
Entropy (8bit):	5.542760084833717
Encrypted:	false
SSDEEP:	3072:ALavJYqOXGO4eFho40sWDagcIzUk6KtO1F5IL7pg5AOuDWiWAYZDOZhLpC:0qOWPejosWv1+5ILFg5AOuDWiWA1ZhL4
MD5:	902FE56367349BE72CD7C4F85E64794B
SHA1:	817227D3BC5C78A957ACA28908FB912670C76E27
SHA-256:	40385636A60AD2AA3D272F21648AD88676B982E828A4C7967AD21BC0AD12FF58
SHA-512:	96C2B65401BC3405C87AC8D361BB094AD66D2B3A3280569C040AF9C6A93ED239A65D6E8BDD176D75883CC64336A93ABA7FBC8740DD70DA79E1CAA925C6272919
Malicious:	false
URL:	https://www.googletagmanager.com/gtag/js?id=UA-4846638-1
Preview:	.// Copyright 2012 Google Inc. All rights reserved.. .(function(){..var data = {."resource": {. "version":"1",. . "macros":[{"function":"__e"}],. "tags":[{"function":"__ogt_1p_data_v2","priority":2,"vtp_isAutoEnabled":true,"vtp_autoCollectExclusionSelectors":["list",["map","exclusionSelector",""]],"vtp_isEnabled":true,"vtp_autoEmailEnabled":true,"vtp_autoPhoneEnabled":false,"vtp_autoAddressEnabled":false,"vtp_isAutoCollectPiiEnabledFlag":false,"tag_id":6},{"function":"__ccd_ga_first","priority":1,"vtp_instanceDestinationId":"UA-4846638-1","tag_id":9},{"function":"__rep","vtp_containerId":"UA-4846638-1","vtp_remoteConfig":["map"],"tag_id":1},{"function":"__zone","vtp_childContainers":["list",["map","publicId","G-R0FFV0Q2KK"]],"vtp_enableConfiguration":false,"tag_id":3},{"function":"__ccd_ga_last","priority":0,"vtp_instanceDestinationId":"UA-4846638-1","tag_id":8}],. "predicates":[{"function":"_eq","arg0":["macro",0],"arg1":"gtm.js"},{"function":"_eq","arg0":["macro",0],"arg1":"gtm.

Chrome Cache Entry: 145

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 970 x 250, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	26694
Entropy (8bit):	7.941722511906287
Encrypted:	false
SSDEEP:	768:OgkZbhg187kDK1z4bXRAnTggRZa562VJqSm3K9ivHQ:MlhJwDKShATDRWJI3K9ivw
MD5:	63E3E29DAE3AAB9D346A3275CBF9C5D7
SHA1:	9DF1EEE46392E83FA5DB78197516133F0E0638BF
SHA-256:	518614C5B1378A48A284B99AC0403F37E69F1B500F1A447D08523D7523C365F1
SHA-512:	B0133DF208C2124A8636CADF20B5FCE772CB7B77530983960EDA7BF939DF4254A00D76DDA247E99863D766AFC0EDC493FAE998ED5AD8210172DAA573BD09E5F3
Malicious:	false
URL:	https://tpc.googlesyndication.com/simgad/2804264410609080114?sqp=4sqPyQQrQikqJwhfEAEdAAC0QiABKAEwCTgDQPCTCUgAUAFYAWBfcAJ4AcUBLbKdPg&rs=AOga4qmvQ5sww2nJCzM_Ob6W7F_uvApECw
Preview:	.PNG........IHDR.............y.......pHYs.................sRGB.........gAMA......a...g.IDATx.......6.....6.......QV..o.e1QAof4hPA..7.........`.Ee$..E......B..Y...Bdu!12.A.............Tw....~..tf.>U..<.;K.....BDDDDDDD.p........Q..2.........2.........2.........2.........2.........2.........2.........2.........2.........2.........2.........2.........2.........2........q..3.q}.g...\.ML.}..n....tz....r9......s.g..H.........&9.a.p...N....o(....Q..'.+......>X...*..N.0JN.g...%....J.=.>...K...../,...T..L....._.w....Wm..-g..k./$.kY.A..:...W.7..../;.'-ZH...... ...K6.......XQ&""""""..]Q.P.i....qG9H....m......r..^...._..4.........Zu;+......=.....E.M......._..U...........k.....h.......h..~.:.......K..f...l.h..0.n..f6....u..TDDDDDDD.wf.\|X....D...v.&"""""".aP&""""""......{.......(..g?(>..5.........2.........2.........2.........2.........2........q.....DvP.V.-h+DDDDDDD.t..^....d..(...r..`........e..E.j2..........A........A........A........A........A......A.......}BDDDD.

Chrome Cache Entry: 146

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (5164)
Category:	downloaded
Size (bytes):	209005
Entropy (8bit):	5.427200994993422
Encrypted:	false
SSDEEP:	3072:3LP2amHOPIlOhZ8nFUYxd7FrPr7rN5c1bVRgAAGiznmS5RSPzPhoiPyzX7:bP2amiOz3NK1JRgAnCmSbSPrhbPyzr
MD5:	92059C0531EB019523665E691E9E806E
SHA1:	D77A0E778CF584FFB7807C46AC849F9F3C1A54FD
SHA-256:	A1BD30BEE0C4193AE03CE416E750F17B757B175B3B6390126B91A53D8F599392
SHA-512:	8C9C131704A4C4F08D755F1E4AF7CACB6948B705FF1AB6A1DA49FFFA505998CDD750B7A00706A9F0A5378B5E1DB3314BBA6EF11EBCC56F2B1187CF1BB649D3C3
Malicious:	false
URL:	https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js
Preview:	(function(){var n,aa=function(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}},ba=typeof Object.defineProperties=="function"?Object.defineProperty:function(a,b,c){if(a==Array.prototype\|\|a==Object.prototype)return a;a[b]=c.value;return a},ca=function(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("a");},da=.ca(this),q=function(a,b){if(b)a:{var c=da;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&b!=null&&ba(c,a,{configurable:!0,writable:!0,value:b})}};.q("Symbol",function(a){if(a)return a;var b=function(f,g){this.og=f;ba(this,"description",{configurable:!0,writable:!0,value:g})};b.prototype.toString=function(){return this.og};var c="jscomp_symbol_"+(Math.random()*1E9>>>0)+"_",d=0,e=function(f){if(this instanceof e

Chrome Cache Entry: 147

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65324)
Category:	downloaded
Size (bytes):	160387
Entropy (8bit):	5.07835538503575
Encrypted:	false
SSDEEP:	1536:2THqIJOT5SyEIA1pDEBi8y2c2SEeA1/uypq3SYiLENM6HN26H:YH9KGGq3SYiLENM6HN26H
MD5:	AA038CDACD9984A6092208A0B8E0AEF7
SHA1:	CBB1E712FEEAB7D8294A507BF7E53F404348CCCF
SHA-256:	1EBAA1B2EABF09202638C0DF9F7BB326CC59CD0F201259F269BF55C435716A74
SHA-512:	53D4805D7D3A774267F62C5DE2C4AB5252FEC0F3EBDC42AB679D4D1224BEFB75941594195B643D17A3E78352D59459E6F36A2E4C9917122B3BB0E031D1E3C4B6
Malicious:	false
URL:	https://www.burnaware.com/css/bootstrap.min.css
Preview:	/!. Bootstrap v4.5.0 (https://getbootstrap.com/). * Copyright 2011-2020 The Bootstrap Authors. * Copyright 2011-2020 Twitter, Inc.. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE). /:root{--blue:#007bff;--indigo:#6610f2;--purple:#6f42c1;--pink:#e83e8c;--red:#dc3545;--orange:#fd7e14;--yellow:#ffc107;--green:#28a745;--teal:#20c997;--cyan:#17a2b8;--white:#fff;--gray:#6c757d;--gray-dark:#343a40;--primary:#007bff;--secondary:#6c757d;--success:#28a745;--info:#17a2b8;--warning:#ffc107;--danger:#dc3545;--light:#f8f9fa;--dark:#343a40;--breakpoint-xs:0;--breakpoint-sm:576px;--breakpoint-md:768px;--breakpoint-lg:992px;--breakpoint-xl:1200px;--font-family-sans-serif:-apple-system,BlinkMacSystemFont,"Segoe UI",Roboto,"Helvetica Neue",Arial,"Noto Sans",sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol","Noto Color Emoji";--font-family-monospace:SFMono-Regular,Menlo,Monaco,Consolas,"Liberation Mono","Courier New",monospace},::after,::before{box-sizing:

Chrome Cache Entry: 148

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	2384
Entropy (8bit):	7.89977817038592
Encrypted:	false
SSDEEP:	48:uwD+WpL5JP0TAsdAZXKG31kEnU307mk8iG5MSoYr9Y1JKt41iKA:uwyWplJodEeMUE7mkG5MSzY14
MD5:	2FCD14F0E49FC5871B19A3D77D452917
SHA1:	07ACF2CE9D7467E33CA78482D2853F3C6B6F59C3
SHA-256:	EAC957A624C40E46671831C1D1005E24B41E0D47B0EF997B93CEFCB1EF06F6AB
SHA-512:	EA3E5F1C09DA9F462F35C0C166815B7AF8AA2DA8772AA7A6B43E556A47BA9FA9A8F6BCFDA720EA8A991FC6E217BBA4BACD7C55CF1DB5063DEA7F6916DEA8750D
Malicious:	false
Preview:	.PNG........IHDR... ... .....szz.....sBIT....\|.d.....IDATX...ip.........{.r..!!.A..0HT...3.Ngl.M.t.)...v...i....8R.j.R[d..V...Bd....K......... b....}.s.s.......g.g.5w0b.t......!h...................7.........?i. d...X,i....n`9......V.....Rw.....=..)3.!{DAr..........8&.n..G...m..>..@..l......NU......+.x..F..d....9t,...4.P.P.@...g.iy......xu..l.d............f0.OU....+-&.......4..W..h.p.0.......]=)..W.%3...t..6t.....}.$.&.Z1.....1.u6S..E..\.n].:.H:BHL..#n..C.]7e.3.sI....\|.5.u.q{5[?.%.O...^..........m.i.."..8..."........\...yW.....G@..^7c9b...nZ.8....`.T[t..."...\|.5..Y..>..;...<3...e7.}...R%.oi....3.KnV.P.....[.y.....(M.q.q3{....^w....@.a.1L.A.\|.T.'.:q0....A.o.\u..wK......aX.......P0.N.5w2.p..@....!q.b..`.&_<..L.cTn....T.......5...j.U......z.1N..../...>..q..<c>.?....A......O....1at4.....{.4......m}>...c.^..Nr...u.n}...$n....&3.p.....g!]bT....:Z-q.3.ol...d.).9.@(..XU+.y.0[v..-...}b..u..9.n..P;R\.`J.]m.4..K. .`&........7..<...h@J.yw....\|..

Chrome Cache Entry: 149

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 220 x 300, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	65792
Entropy (8bit):	7.993995625349791
Encrypted:	true
SSDEEP:	768:aZt6pEAyGS7YyLu0nVnKj92dmqOHf4waRo62R+TJ7Ft7ckYctbEFT29BnvUuJV3Z:aZbGIYl0VnKjlqaZR++cc6ncubAOL
MD5:	8380E9CFAC2EEF537BA1817D2770C3FC
SHA1:	BACD15221CF8D9E3BED2C82AB1BB1C3670C8F35C
SHA-256:	815E49043B0305D92F09CB5DB2C81F1F06654A92055B69A526967871CE6C1C7D
SHA-512:	243B9234FFBB9CF56DA52040C40B3869C2178793D8C2AE9E166449BD9A3BC4E7753AD6BAE0CEE939802ED39B8F14418F6BE0F4A2FE5863861CFCE8617EF183CA
Malicious:	false
URL:	https://www.burnaware.com/images/boxshot_ultimate.png
Preview:	.PNG........IHDR.......,........,....tEXtSoftware.Adobe ImageReadyq.e<..."iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)" xmpMM:InstanceID="xmp.iid:5B3E8449F02711EEB6498B5DC7D4AD46" xmpMM:DocumentID="xmp.did:5B3E844AF02711EEB6498B5DC7D4AD46"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:5B3E8447F02711EEB6498B5DC7D4AD46" stRef:documentID="xmp.did:5B3E8448F02711EEB6498B5DC7D4AD46"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>LG.....tIDATx..y.$.u................. .. @..H......L...l.!.A....C.D...[......@..@........fvw.gz....\|.._f~gfv/..

Chrome Cache Entry: 150

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 2 icons, 32x32, 32 bits/pixel, 16x16, 32 bits/pixel
Category:	downloaded
Size (bytes):	5430
Entropy (8bit):	2.568660328439097
Encrypted:	false
SSDEEP:	24:NLBdUGgdXrNzEfct5gegpySieAhKQf8/7JPhBjzaz/OeS6G1R5FtLRpqR:dUGgd5za6VgqxKnBD34SRFrpqR
MD5:	073BCB570A5796519A36BE422EA68EC8
SHA1:	A44ECB32DE596D06109C31F71E9C0783B6EA65C8
SHA-256:	446681A77FDA390E1312ECF4AF9C79398B0E491A02BF9CC616F3C806CA68E345
SHA-512:	B1902228A86BD99CD29ADE00B9757E31B408D101A9A8F6B25A81EFDED6CC4FEC3AE2CEFAD842D168102BFEB38F6D42BD7C68AB420A7C64BBB0120417C4D9676A
Malicious:	false
URL:	https://www.burnaware.com/favicon.ico
Preview:	...... .... .....&......... .h.......(... ...@..... .................................................................................5...5.. 5..s5...5..5..8....................................................................................................................5..O5...5...5..5..1....................................................................................................................5...5...5...5..r................................................................................................................5...5...5...5...5..v................................................................................................................5..5...5...5...5..E....................................................5..X5..5..5..5.._5..!................................5..i5...5...5...5..................................................5..5...5...5...5...5...5...5..5..d5.......................5..5...5...5...5..85../............................................5...5.

Chrome Cache Entry: 151

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1920x349, components 3
Category:	downloaded
Size (bytes):	22590
Entropy (8bit):	6.962901479336723
Encrypted:	false
SSDEEP:	384:nrxtA8dgmQB+4gJec2jlfaZk9BT20gBOvZUYwuJ6jUIF2:nly8dgmQB3M20k9ByVBdS63c
MD5:	DDDF37D3EF7E68906E8240360B2D8A13
SHA1:	850633C9B2A0BB2D93EA38B5E88AE4DCC1C3428D
SHA-256:	C88A3D062DEE85EE2EF987253E5B5805783AEED1C340FB2803F0DA17492D73BE
SHA-512:	E06414C9A99A923463037A01DEB5F99A33C8306AF4CC0C18B2E317B756A4DB039413D679871A2C7991B905200C0D8839294C94AE062253E36DCB643141095424
Malicious:	false
URL:	https://www.burnaware.com/images/dvd_burning_software.jpg
Preview:	......Exif..II*.................Ducky.......P.....+http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)" xmpMM:InstanceID="xmp.iid:EB9029A79CDE11EDB153C141EE404C89" xmpMM:DocumentID="xmp.did:EB9029A89CDE11EDB153C141EE404C89"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:EB9029A59CDE11EDB153C141EE404C89" stRef:documentID="xmp.did:EB9029A69CDE11EDB153C141EE404C89"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d.................................................................................................................................

Chrome Cache Entry: 152

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (2343)
Category:	downloaded
Size (bytes):	52916
Entropy (8bit):	5.51283890397623
Encrypted:	false
SSDEEP:	768:oHzaMKHBCwsZtisP5XqYofL+qviHOlTjdNoVJDe6VyKaqgYUD0ZTTE8yVfZsk:caMKH125hYiM8O9dNoVJ3N48yVL
MD5:	575B5480531DA4D14E7453E2016FE0BC
SHA1:	E5C5F3134FE29E60B591C87EA85951F0AEA36EE1
SHA-256:	DE36E50194320A7D3EF1ACE9BD34A875A8BD458B253C061979DD628E9BF49AFD
SHA-512:	174E48F4FB2A7E7A0BE1E16564F9ED2D0BBCC8B4AF18CB89AD49CF42B1C3894C8F8E29CE673BC5D9BC8552F88D1D47294EE0E216402566A3F446F04ACA24857A
Malicious:	false
URL:	https://www.google-analytics.com/analytics.js
Preview:	(function(){/.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0./.var n=this\|\|self,p=function(a,b){a=a.split(".");var c=n;a[0]in c\|\|"undefined"==typeof c.execScript\|\|c.execScript("var "+a[0]);for(var d;a.length&&(d=a.shift());)a.length\|\|void 0===b?c=c[d]&&c[d]!==Object.prototype[d]?c[d]:c[d]={}:c[d]=b};function q(){for(var a=r,b={},c=0;c<a.length;++c)b[a[c]]=c;return b}function u(){var a="ABCDEFGHIJKLMNOPQRSTUVWXYZ";a+=a.toLowerCase()+"0123456789-_";return a+"."}var r,v;.function aa(a){function b(k){for(;d<a.length;){var m=a.charAt(d++),l=v[m];if(null!=l)return l;if(!/^[\s\xa0]*$/.test(m))throw Error("Unknown base64 encoding at char: "+m);}return k}r=r\|\|u();v=v\|\|q();for(var c="",d=0;;){var e=b(-1),f=b(0),h=b(64),g=b(64);if(64===g&&-1===e)return c;c+=String.fromCharCode(e<<2\|f>>4);64!=h&&(c+=String.fromCharCode(f<<4&240\|h>>2),64!=g&&(c+=String.fromCharCode(h<<6&192\|g)))}};var w={},y=function(a){w.TAGGING=w.TAGGING\|\|[];w.TAGGING[a]=!0};var ba=Array.isArray,c

Chrome Cache Entry: 153

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	2018
Entropy (8bit):	7.796473412891644
Encrypted:	false
SSDEEP:	48:mc3tOQLNeAF07jAHfSY8PlgMV+GTXC/gOqSvJK9clNR:v31NeA27jmV8P+U+7qCJKKf
MD5:	E7645B180FAE9B451DD8780F9B13DEAB
SHA1:	DCCA05BFD3C01854931EBC69571DFEB79224F0B3
SHA-256:	8C2FB92E5E8368B1747597BCCD811ACA8E969DFCE69C3EA95C14E6F9D025C2D4
SHA-512:	842328DCE005DB24A6C0197461781F4296AC884D54158510627254D6FBD8FCF298C0F6B3B0D5D6FD65346CD1AE2A3B5F0C7C108E9976A9E38EA2EF819C9D59D4
Malicious:	false
URL:	https://www.burnaware.com/images/disc_burner.png
Preview:	.PNG........IHDR... ... .....szz.....sBIT....\|.d.....IDATX...kL[......9......v..0en.iH.&..9%.B....S..}.4..I..o.I../Q7m].]........k.T..`(m......c.....>`...h..H..=...o..>.eTXX.].w.`0........e...6"...3....n...@;.........x<w..'.DQDm....R..`...... ".r....#..e..@..3&..\|........Z....B...%.....(+.o....Z.#yF.......tx:;(.F..W(.y..2...?0.o.H$.I..]...i.Z...G......V":GD..@..DMu....[f.Y._.....{.{.w..V&.Ie..g..HD.d2..K..LP.._;~.z...^..AD..P^.p7.........3.......s.o..M.....Nr...?lF(......W`6....D..@...c........R...........Rl\|.c..~.^....\|..=.zf>.......1..@QXX....1. .-. ....++......)...\|U;4<]...`.&.&.x-....mO.........$.....Z....M....c...k...@....q..!.N......\.ck.O...=.[...@AD]..6@.o...6".........C........Q...ly.=..Hl^. .-.x.6[-...{.wll.06>^.`'37..EH . z....$%..t....O..n..;...09..6\|...{.........[...tH.. "%........'......Zg{F..&KR$......^......).a...LG.........hMu.M. .....D..H...k.n....y.f~.}...B.p,..~..K'...S.Z..e..$...LDZ.......F.!hY!.d.............f.y.Ng..d.O.

Chrome Cache Entry: 154

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (52964)
Category:	downloaded
Size (bytes):	54232
Entropy (8bit):	5.694885252288895
Encrypted:	false
SSDEEP:	1536:jbAIDK/szf/Q0wesEndmnBO2imLxDCwtn0:IIRn0ZQmnBfH5h0
MD5:	3498D2712BF97DF3A2C6A50AE3546787
SHA1:	B3F7CEEB0932181BF9D19639E2A002DDEC8AC1D6
SHA-256:	4FBFAD983F0C6B2E0D1E47EBC2197D7ABBE212A690A21577F80C7C2AEED7BF57
SHA-512:	FED6DE7CA7EE8184E9D702972E0180187233E56E52EC1E73B26DE735DD3E1365C5B9D040BD587B354052473A8CA231269399181D4E8A51E8FF5223A7444C050C
Malicious:	false
URL:	https://pagead2.googlesyndication.com/bg/T7-tmD8May4NHkfrwhl9erviEqaQohV3-Ax8Ku7Xv1c.js
Preview:	//# sourceMappingURL=data:application/json;charset=utf-8;base64,eyJ2ZXJzaW9uIjogMywic291cmNlcyI6WyIiXSwic291cmNlc0NvbnRlbnQiOlsiICJdLCJuYW1lcyI6WyJjbG9zdXJlRHluYW1pY0J1dHRvbiJdLCJtYXBwaW5ncyI6IkFBQUE7QUFBQTtBQUFBO0FBQUE7QUFBQTtBQUFBO0FBQUEifQ==.(function(){function L(V){return V}var w=function(V){return L.call(this,V)},b=this\|\|self,W=function(V,n,P,t,H,E,d,F,v,r,M,l){for(l=(M=91,6);;)try{if(M==99)break;else if(M==V)M=F&&F.createPolicy?37:69;else if(M==91)F=b.trustedTypes,v=d,M=V;else{if(M==t)return l=6,v;if(M==92)M=b.console?n:t;else if(M==82)l=6,M=92;else{if(M==69)return v;M==n?(b.console[H](r.message),M=t):M==37&&(l=P,v=F.createPolicy(E,{createHTML:w,createScript:w,createScriptURL:w}),M=t)}}}catch(K){if(l==6)throw K;l==P&&(r=K,M=82)}};(0,eval)(function(V,n){return(n=W(42,32,38,90,"error","bg",null))&&V.eval(n.createScript("1"))===1?function(P){return n.createScript(P)}:function(P){return""+P}}(b)(Array(Math.random()*7824\|0).join("\n")+['//# sourceMappingURL=data:application/json;char

Chrome Cache Entry: 155

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1, orientation=upper-left], baseline, precision 8, 20x20, components 3
Category:	downloaded
Size (bytes):	1077
Entropy (8bit):	7.14617450159217
Encrypted:	false
SSDEEP:	24:dDcpnWhio0XxDuLHeOWXG4OZ7DAJuLHenX32pWDqHAQrGLy4T0:1cp+uERAmgQrWrT0
MD5:	DBFB679FD22FBB3A5D7A0C98D89C108A
SHA1:	C2F957BB819CD0985A97067A14012CE142714002
SHA-256:	11C7E1D9FA4EAC91BBA94CCE1B1C2F90B7CA0F20D984E443322630B18F321D92
SHA-512:	3F9AA078180EFED5F435E7B6A30CDE092649D711C98A7D6D67330097494C8EFF8DB6DEA0910627A422F047A641DCBB2E229F218B5374D5FB5DD6E2AC0E3A6B94
Malicious:	false
URL:	https://www.burnaware.com/images/facebook.jpg
Preview:	......JFIF.....`.`....."Exif..MM...........................Ducky.......d.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..d.O$....'.#./\|D..<e.o~...<Q._.xo.hvv...I.$......i.#.c.5+....\|{....s[...I$,.......+.K..W.q...'.c.@....=\|7k..7......V..z...i...n".42s.9.^s.?z.,^3....<e..1n.)...sl.v...>.-.F.I.^.[.........~>...?.\|Ec..V....> .......V.Ai,.1+.#g...Xm_....V...+..C.h.iv...uyk..Xlb.g.-....5`......E{...W.w..Do..$e..1.z...E...

Chrome Cache Entry: 156

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	986
Entropy (8bit):	7.74339844171006
Encrypted:	false
SSDEEP:	12:6v/76wpWZPDXQboaXSVzn/VJxnbAixnP3+gGqx2HsZjiULTezqSY8FbQg68dfQ9t:cOeiBnTdAq30mjiUm2S8g64ofEG
MD5:	B0425908BB7F766F7738D68F59CCD611
SHA1:	96E799EE7A81A11AF945E87A0D5AE4775978B549
SHA-256:	33F36AFCEB9E9D7195DA0620FD724E87B04C1845EBF4D56C4F907F74897B01A4
SHA-512:	2FE7521F0EDE145FA81D10D05EE6DE06856F821668E32FC94975FD6921193768502CDF7C7890796BDC51350690CF12AA4BC66A03F90E0F365943801A338D8C5C
Malicious:	false
URL:	https://www.burnaware.com/images/facebook.png
Preview:	.PNG........IHDR..............w=.....sBIT....\|.d.....IDATH...]h.e....m...4.H.....K;..1..`E...7D..F..n..z.0....2..iA..C......Vt.1K.G.4....i../.].G........s.W("k.....8.<....]...".p......bA..3..u<t\|......2.I.Y.......>`.4.+.._l..,-........Va).......U..+..f&......7...p.C..~\|.#........./N.......l;.~.'^.pMD:... ".L:5.p5......M.`.......Z!0". v.U.>..}.9....2...T....+.u..+.......=.y.......>G..vy......\|s.O...tj..D......g..J;-....s.Z.....+...^X..s.[...[.k.;.mN7..^.2.R.R...F:...F.....n.....F..d.Z...+....&.4...s2`.Y.as..x..x.........[x.....P..;.xm....do..H$4.H._N.......@..`....j.........P`...S.....M...).(`lnB.1....'...../.z.#.......4SdZ.I.....s...i^..y..{k.=p]Q.r88.m.\|....n..?......Pl):..Ew.L.~...D..D...Tb-.P...03...qU.wTO.z....r,. ...if....cf:5l.SU...Y\%4./..1U....hh.:..=X......p5..>-....\U.g......e;."..15..i..\D.8""......o...Q..%..-..\G.>...DmK.K..".G.\Ua....W.P..G.......<.t........-.q.....K....y$..R.g....IEND.B`.

Chrome Cache Entry: 157

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	17047
Entropy (8bit):	6.017191129101062
Encrypted:	false
SSDEEP:	384:/FIuvdNh7lX+q84tbwQ0akG0lOyTLVHA/ioz+ZC6OUt:S0rlXhlz0I0lOyta6t
MD5:	AFF607D6B52F3B5D799C1D34D7567785
SHA1:	ACF0D21F4638DCE7EE50E8AE2374BCCFF50704B8
SHA-256:	00CB420D9B55157ABC2961AE5C9834A0C0CABBC454C746A7A1C1B62B4277F292
SHA-512:	81B08D5566D615683580BB1F6EABBB4B73B2BE78FF491A094742C5E1A153B517A5DE589E97C7D215DE3EF70A11B16A11DCF9EEBAC338A5DAC2EF802FADC0AB22
Malicious:	false
Preview:	{"sodar_query_id":"-xiQZqpw1dDvwQ-Z9Itg","injector_basename":"sodar2","bg_hash_basename":"T7-tmD8May4NHkfrwhl9erviEqaQohV3-Ax8Ku7Xv1c","bg_binary":"dgrYw9QfMz43iILXYpeP5/Yyz2/uRxFhTWrE3RW6BxJA8rkYd7XLz1fjZpKQmKV0KgB7Rd/qhWVD1LfAUxKmQoMlWb1PP98Ui1amZUMZQ07eR3J0zF3rn9dbxyXn0c5qWd1GUVolGWfk6/nJtrqmjVO5Buvxcjvbz8zWUSrIrK0A5cVTUfBxtKsvqvq277D01jHjqTZJu2xa3eB+x23pMIBOMhW3xRs7nztzgqsL2YlTH6aaLYMJdZnmkx+ElYEInMWR17TYaH3Pqrq/5VSRSi9YlCo8aVQyojCRr4E94VtZF39Gqe2bfkS0xm6ZEh/WB7HGPMLLsA055+A9+f6010h/W3rZASu+4btrgP7JW2MJAnb0KC9q6RDIVQnErj6Bdek/iitYEJp/dNP56cEIPTmV6oUao6f4l1tmCUnWu/AwrQRUt3FnnoEElSZ/IB5x9+r+X1CPnrlzZs6/lpbQdlBsx1jH2IPvvSB2S5Zs7GDijqnWygqNn6ai/RkzagxMalj5PHDSlkkC0YhVjOm2DEaZMVtQUN1TvtmXq9v7Z59177hQ5k3Ac0/hI4ANlNXVcwWbNZIoebzv+mhg8oNz7Ptub6TCNkC0fcOn9xC1XrtO51xVEhWO6lVkqcueLqEsd01c1kWCf4aoxXqwG1B8vtIKSUEB6OU74jHMDgydDsEQfWvO58i2xqiTcz69fSgvIVQvJa4kFII3kgBBODagjUx3jA7t3XQHNIfya1JTWG57GWiui59t10kgAiNSSAOAiy2AQQUF5yhN+J/XGQr+5QI1OOhKtej9FB51Uvb/XfzX1fKAYHTiLUVWQdvCEdkm2Ui8IOElv5Ah2oncR0pm

Chrome Cache Entry: 158

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	963
Entropy (8bit):	7.692474306064967
Encrypted:	false
SSDEEP:	12:6v/7iftsv5XOywPbABts4u/vPF1q23kutNgQZ6qskjOYRQg+JkScAx9eb4mdoenO:JMXOFkBts4u/vZfJEkI9eEmdo6m35j3h
MD5:	1EF7C00920BEE9B4AE49BB44FD4EA4DB
SHA1:	831FDD6AF695216E602E674FABBB93AA5A0D7941
SHA-256:	731E6A3FB0556ADEDEA2B0F0179B76E3940973100F47F13F2875684E9641A1A3
SHA-512:	72399137A459451D23C26EC2AF2AE1DB79DB3074E41298EA97C34059E00B072578878D6F1466075B8D49C9BA91AB521BEC029A89DDCDDFE91C4727738526640C
Malicious:	false
URL:	https://www.burnaware.com/images/best_software.png
Preview:	.PNG........IHDR... ... .....szz.....sBIT....\|.d....zIDATX..VmL[U.~.{K....hK(.`.R..!..e4.bdls...O.......0q.....L../]gX..:C4.\|dk.Aa.[..BM..m.=.....K..1>.{......K.........D......P...0.........6i^^J.L&.........M..HOD...D.O.9.r....^.=.....&.......m..32a0.....h.@TRb.+..<...e~!wbb.IA.80.<@V.]....M.......-.......\|4.......N...g...9...t....OO3....v.)=..r9a........Pd.....@...%"....B..FDUa.!...S...& !....rr.@D,Z}<.bu\..~....V.....7~.h..b...}..i..\|.B....DR...1....F.....[..(^.Cw........./.....1!y.JE@...9...+.u^.W.X..H.=...:...\|...s...nxF*m..xcR.@@......UW....9<m......../...`." ......9U....s\|..!..7....o}p..Q.....&..7.6e.....\|1W...j3.[..'.....s_.......O...............!qL..4.jl..$.o/...yy...2..P..S443x.p.\|ckC.k.g..I[3.fl.L.P..h..5KE..J.^.E\|6{...;.g}...kr.L.....mcI.V+.k.....R.".X.sY%...u..Z..\...P)T....R.[x.6..h6.\|......@.".o....Vf/........49..At@q.o.....s......!OJ..d>...K....b....:..b.A...T.;..Z.,Q>.....IEND.B`.

Chrome Cache Entry: 159

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1055)
Category:	downloaded
Size (bytes):	2690
Entropy (8bit):	5.39866636776827
Encrypted:	false
SSDEEP:	48:Otg7xBqHIN7QaE9Fa9FZpPiNmgrZyHicju8m5I0zRHkFRCmTx:fN7Qabhiwdicju8WhRHMnTx
MD5:	76A4D84DE75340D59CA06503A14184D4
SHA1:	2FE3C4A95AF88BE57D1912BB09DC463F69924402
SHA-256:	66E9BF446316F6EEC5EAEFA7098592BBD2144A60EB38C481DB233A6CA8B8D94A
SHA-512:	2ABE6C816B265B72A8023E8F832B9BED0FFD2C931BA07C5DA1AE0CB5D60178CBD1CEA9CE6AE0BB88F77614954C20836342AD6BAFE25EB1CA4D2AEB495E4E2BD2
Malicious:	false
URL:	https://tpc.googlesyndication.com/pagead/js/r20240709/r20110914/client/window_focus_fy2021.js
Preview:	(function(){'use strict';function f(a,b,e){a.addEventListener&&a.addEventListener(b,e,!1)};/* . . Copyright The Closure Library Authors. . SPDX-License-Identifier: Apache-2.0 .*/ .function g(a,b,e){if(Array.isArray(b))for(var c=0;c<b.length;c++)g(a,String(b[c]),e);else b!=null&&e.push(a+(b===""?"":"="+encodeURIComponent(String(b))))};function l(a=document){return a.createElement("img")};function m(a,b,e=null,c=!1){n(a,b,e,c)}function n(a,b,e,c){a.google_image_requests\|\|(a.google_image_requests=[]);const d=l(a.document);if(e\|\|c){const k=h=>{e&&e(h);if(c){h=a.google_image_requests;const v=Array.prototype.indexOf.call(h,d,void 0);v>=0&&Array.prototype.splice.call(h,v,1)}d.removeEventListener&&d.removeEventListener("load",k,!1);d.removeEventListener&&d.removeEventListener("error",k,!1)};f(d,"load",k);f(d,"error",k)}d.src=b;a.google_image_requests.push(d)};function p(a=null){return a&&a.getAttribute("data-jc")==="22"?a:document.querySelector('[data-jc="22"]')};var q=document,r=window;functi

Chrome Cache Entry: 160

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	2018
Entropy (8bit):	7.796473412891644
Encrypted:	false
SSDEEP:	48:mc3tOQLNeAF07jAHfSY8PlgMV+GTXC/gOqSvJK9clNR:v31NeA27jmV8P+U+7qCJKKf
MD5:	E7645B180FAE9B451DD8780F9B13DEAB
SHA1:	DCCA05BFD3C01854931EBC69571DFEB79224F0B3
SHA-256:	8C2FB92E5E8368B1747597BCCD811ACA8E969DFCE69C3EA95C14E6F9D025C2D4
SHA-512:	842328DCE005DB24A6C0197461781F4296AC884D54158510627254D6FBD8FCF298C0F6B3B0D5D6FD65346CD1AE2A3B5F0C7C108E9976A9E38EA2EF819C9D59D4
Malicious:	false
Preview:	.PNG........IHDR... ... .....szz.....sBIT....\|.d.....IDATX...kL[......9......v..0en.iH.&..9%.B....S..}.4..I..o.I../Q7m].]........k.T..`(m......c.....>`...h..H..=...o..>.eTXX.].w.`0........e...6"...3....n...@;.........x<w..'.DQDm....R..`...... ".r....#..e..@..3&..\|........Z....B...%.....(+.o....Z.#yF.......tx:;(.F..W(.y..2...?0.o.H$.I..]...i.Z...G......V":GD..@..DMu....[f.Y._.....{.{.w..V&.Ie..g..HD.d2..K..LP.._;~.z...^..AD..P^.p7.........3.......s.o..M.....Nr...?lF(......W`6....D..@...c........R...........Rl\|.c..~.^....\|..=.zf>.......1..@QXX....1. .-. ....++......)...\|U;4<]...`.&.&.x-....mO.........$.....Z....M....c...k...@....q..!.N......\.ck.O...=.[...@AD]..6@.o...6".........C........Q...ly.=..Hl^. .-.x.6[-...{.wll.06>^.`'37..EH . z....$%..t....O..n..;...09..6\|...{.........[...tH.. "%........'......Zg{F..&KR$......^......).a...LG.........hMu.M. .....D..H...k.n....y.f~.}...B.p,..~..K'...S.Z..e..$...LDZ.......F.!hY!.d.............f.y.Ng..d.O.

Chrome Cache Entry: 161

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (59893)
Category:	downloaded
Size (bytes):	60174
Entropy (8bit):	5.147241957234445
Encrypted:	false
SSDEEP:	768:WLlcnSRAIvHVAYIE8Pg76Tjx4vbh3p6viDl0TS6SXH6G7e6Pxh35CCmVla4:WLl4SE0MJS36GPxhAV1
MD5:	6BEA60C34C5DB6797150610DACDC6BCE
SHA1:	544AFEFD148715DA7DD52D368A414703390CA0E0
SHA-256:	38544024DA1A0FC2F706BE6582557B5722D17F48AD9A8073594A0CF928E2E3FF
SHA-512:	2394E4BAD0290E39D6B97FAC98B20F64D870F8B85377C5AB4217422ACC421514AF845C76926F197C4A4D22117D9EAD389AC1E13A413C04C3818F9404D3BCA130
Malicious:	false
URL:	https://www.burnaware.com/js/bootstrap.min.js
Preview:	/!. Bootstrap v4.5.0 (https://getbootstrap.com/). * Copyright 2011-2020 The Bootstrap Authors (https://github.com/twbs/bootstrap/graphs/contributors). * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE). */.!function(t,e){"object"==typeof exports&&"undefined"!=typeof module?e(exports,require("jquery"),require("popper.js")):"function"==typeof define&&define.amd?define(["exports","jquery","popper.js"],e):e((t=t\|\|self).bootstrap={},t.jQuery,t.Popper)}(this,(function(t,e,n){"use strict";function i(t,e){for(var n=0;n<e.length;n++){var i=e[n];i.enumerable=i.enumerable\|\|!1,i.configurable=!0,"value"in i&&(i.writable=!0),Object.defineProperty(t,i.key,i)}}function o(t,e,n){return e&&i(t.prototype,e),n&&i(t,n),t}function s(t,e,n){return e in t?Object.defineProperty(t,e,{value:n,enumerable:!0,configurable:!0,writable:!0}):t[e]=n,t}function r(t,e){var n=Object.keys(t);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(t);e&&(i=i.filter((function(e){r

Chrome Cache Entry: 162

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	C++ source, ASCII text, with very long lines (3323)
Category:	downloaded
Size (bytes):	9076
Entropy (8bit):	5.521814033404203
Encrypted:	false
SSDEEP:	192:zluJcdqJUhq7ek/RBIv7pwxgVWgesOqfy6a224tXeroltu:BuCkJUhq7eeRBM6AWgesJfy522uXeroa
MD5:	035969BA7FE185582CA9A372CCE6B616
SHA1:	13A0A6E38FBB29B6486A3346D61C888F11D25E3F
SHA-256:	0979555DB2B62146491AE2F96BBFEDD1C4E16FFCEC94310C95B5645E934BAF38
SHA-512:	3C8B2C8F3B9C9A370AEA8B6F34EBCAED46B2D7F2B164A03F3AFA8DFE1C8EE9004753D88E4D15B73D2FE0215633877CC7B61541232D4EF1A5379C5827411E5995
Malicious:	false
URL:	https://googleads.g.doubleclick.net/pagead/html/r20240709/r20110914/zrt_lookup_fy2021.html
Preview:	<!DOCTYPE html><script>.(function(){'use strict';/.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0./.var k=this\|\|self;function m(a){return a};var n,v;a:{for(var ca=["CLOSURE_FLAGS"],z=k,A=0;A<ca.length;A++)if(z=z[ca[A]],z==null){v=null;break a}v=z}var da=v&&v[610401301];n=da!=null?da:!1;function ea(){var a=k.navigator;return a&&(a=a.userAgent)?a:""}var B;const fa=k.navigator;B=fa?fa.userAgentData\|\|null:null;function C(a){return n?B?B.brands.some(({brand:b})=>b&&b.indexOf(a)!=-1):!1:!1}function E(a){return ea().indexOf(a)!=-1};function F(){return n?!!B&&B.brands.length>0:!1}function G(){return F()?C("Chromium"):(E("Chrome")\|\|E("CriOS"))&&!(F()?0:E("Edge"))\|\|E("Silk")};function ha(a,b){Array.prototype.forEach.call(a,b,void 0)};function H(a){H[" "](a);return a}H[" "]=function(){};var ia=ea().toLowerCase().indexOf("webkit")!=-1&&!E("Edge");!E("Android")\|\|G();G();E("Safari")&&(G()\|\|(F()?0:E("Coast"))\|\|(F()?0:E("Opera"))\|\|(F()?0:E("Edge"))\|\|(F()?C("Microsoft E

Chrome Cache Entry: 163

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1321)
Category:	downloaded
Size (bytes):	17314
Entropy (8bit):	5.342134706855769
Encrypted:	false
SSDEEP:	384:cCDFzlR6exHAiyyrYuy9ckdnfczIk7LcuNP/p:DlsexHAlii9NmIeLcE
MD5:	2CC87E9764AEBCBBF36FF2061E6A2793
SHA1:	B4F2FFDF4C695AA79F0E63651C18A88729C2407B
SHA-256:	61C32059A5E94075A7ECFF678B33907966FC9CFA384DAA01AA057F872DA14DBB
SHA-512:	4ED31BF4F54EB0666539D6426C851503E15079601A2B7EC7410EBF0F3D1EEC6A09F9D79F5CF40106249A710037A36DE58105A72D8A909E0CFCE872C736CB5E48
Malicious:	false
URL:	https://tpc.googlesyndication.com/sodar/sodar2.js
Preview:	(function(){/.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0./.'use strict';function aa(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}var l="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype\|\|a==Object.prototype)return a;a[b]=c.value;return a};.function ba(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");}var n=ba(this),p="function"===typeof Symbol&&"symbol"===typeof Symbol("x"),r={},u={};function w(a,b){var c=u[b];if(null==c)return a[b];c=a[c];return void 0!==c?c:a[b]}.function x(a,b,c){if(b)a:{var d=a.split(".");a=1===d.length;var g=d[0],h;!a&&g in r?h=r:h=n;for(g=0;g<d.length-1;g++){var e=d[g];if(!(e in h))break a;h=h[e]}d=d[d.length-1];c=p&&"es6"===c?h[d]:null;b=b(c);

Chrome Cache Entry: 164

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	1553
Entropy (8bit):	7.83500902262791
Encrypted:	false
SSDEEP:	48:Fj13ZzBAHP4t3nJbxJ6tk/30h/478rgm31p:Fj1pyHEn9xJ666/m8rgkp
MD5:	43F8A96DD7784CBDA63395F982CE7B3A
SHA1:	068E3467F3AE7563EEFED057E4065C6FCCA2852E
SHA-256:	DEF21786FDF530C9F00CEE3FBFDA8B6BCE6A98146776FA0E6615DCEAC1EADE6D
SHA-512:	A2467A018BE1A19614DC8DD124A0032CD472A964893A239E2A126EE53391C8EA8C6C7729606D005118FAAB70A75939B6212B385128038D653A5AF3CE8493848D
Malicious:	false
URL:	https://www.burnaware.com/images/help.png
Preview:	.PNG........IHDR..............w=.....sBIT....\|.d.....IDATH.}UmpT..~.{.....oHLv.V6.@...1R..!.6...0.....Z.....2.L[....:....;...T.QB..C.$...............{..XvY$.;s~....>.y.s.K.?QPP.o....J..>.Q...~\.\..<..v...MY.&KVVVa..q..k..9..w..jNZ..H..RD.1...T_q.{.]....9<.......sC-...C.~...u.....v..8.}...52...L.).)G....x.V...D..'.Phzc...m{BvvtL..m..<.{O.4...h-...4...'5...Z^..i.....t.m.....E..g.h...m.C.D.havA..l..b..33...........:].#..`mh..G.......{....BD..I..8i%....1)...c.EB....Q.dDD.@^9.-.=.uZ.f.5..;........8<>6..q@s...w....]!...bv..s%.u.L.W....OnO...........r.'.1..3G...V...wG.7.\..a.`....[.....].b.\| ..... TY..p1V..=...{...\|&.d.=..3G..........\|t..G...v_.DQ..K.43.w\|>_.....:.ix.......I}.....7...z..s\|v).......\|.Xd.........2.tG._...........2.G.....,.....;Vae.AH9..<V...0..+XQ{.....0Y.!.M?...s.+k2.1.a.b...J.J.......)._...~r...ufr.{.ye3.24.&.Q.(-......xV...........J.....kY"..P..w........iX..../..4)...bK..k ..Ov...Z..V..6<t..-.M....GP.....o.E..F^.............n.

Chrome Cache Entry: 165

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	9200
Entropy (8bit):	4.371120947663805
Encrypted:	false
SSDEEP:	96:uaaH09py8NFO2nWrT8GSIhPWmkeTSxb0bYmPW/:uRVauTZEeeV003/
MD5:	73D47FEFB08FA9681F6ACB616C6E7BCB
SHA1:	C8404273BB66E615FC7B8FB53BEC4D3CA109F23B
SHA-256:	E521AB668D359605E21A1C25067909F2D8EAB077F61BF3F0968D1193B2155309
SHA-512:	AF7BB86A64B836565D3170C192771DC20330A67660F907FB1708BF0CF4E0D86FDA9DEE4A2D1AD3F44755C0E62388B7D922F936C95571C989CB8BBBDF15125F06
Malicious:	false
URL:	https://www.burnaware.com/after-install.html
Preview:	<!DOCTYPE html>.<html lang="en">. <head>. <meta http-equiv="X-UA-Compatible" content="IE=edge" />. <meta name="viewport" content="width=device-width, initial-scale=1" />. <title>After Install - Burnaware</title>. <meta name="author" content="Burnaware" />. <meta name="robots" content="index,follow" />. <link rel="icon" href="favicon.ico" />. <link rel="stylesheet" href="css/bootstrap.min.css" />.. <script async src="https://www.googletagmanager.com/gtag/js?id=UA-4846638-1"></script>. <script>. window.dataLayer = window.dataLayer \|\| [];. function gtag() {. dataLayer.push(arguments);. }. gtag("js", new Date());.. gtag("config", "UA-4846638-1");. </script>. </head>. <body>. <header>. <nav class="navbar navbar-expand-md navbar-dark" style="background-color: #3c6fa6;">. <div class="container">.

Chrome Cache Entry: 166

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	2384
Entropy (8bit):	7.89977817038592
Encrypted:	false
SSDEEP:	48:uwD+WpL5JP0TAsdAZXKG31kEnU307mk8iG5MSoYr9Y1JKt41iKA:uwyWplJodEeMUE7mkG5MSzY14
MD5:	2FCD14F0E49FC5871B19A3D77D452917
SHA1:	07ACF2CE9D7467E33CA78482D2853F3C6B6F59C3
SHA-256:	EAC957A624C40E46671831C1D1005E24B41E0D47B0EF997B93CEFCB1EF06F6AB
SHA-512:	EA3E5F1C09DA9F462F35C0C166815B7AF8AA2DA8772AA7A6B43E556A47BA9FA9A8F6BCFDA720EA8A991FC6E217BBA4BACD7C55CF1DB5063DEA7F6916DEA8750D
Malicious:	false
URL:	https://www.burnaware.com/images/free_software.png
Preview:	.PNG........IHDR... ... .....szz.....sBIT....\|.d.....IDATX...ip.........{.r..!!.A..0HT...3.Ngl.M.t.)...v...i....8R.j.R[d..V...Bd....K......... b....}.s.s.......g.g.5w0b.t......!h...................7.........?i. d...X,i....n`9......V.....Rw.....=..)3.!{DAr..........8&.n..G...m..>..@..l......NU......+.x..F..d....9t,...4.P.P.@...g.iy......xu..l.d............f0.OU....+-&.......4..W..h.p.0.......]=)..W.%3...t..6t.....}.$.&.Z1.....1.u6S..E..\.n].:.H:BHL..#n..C.]7e.3.sI....\|.5.u.q{5[?.%.O...^..........m.i.."..8..."........\...yW.....G@..^7c9b...nZ.8....`.T[t..."...\|.5..Y..>..;...<3...e7.}...R%.oi....3.KnV.P.....[.y.....(M.q.q3{....^w....@.a.1L.A.\|.T.'.:q0....A.o.\u..wK......aX.......P0.N.5w2.p..@....!q.b..`.&_<..L.cTn....T.......5...j.U......z.1N..../...>..q..<c>.?....A......O....1at4.....{.4......m}>...c.^..Nr...u.n}...$n....&3.p.....g!]bT....:Z-q.3.ol...d.).9.@(..XU+.y.0[v..-...}b..u..9.n..P;R\.`J.]m.4..K. .`&........7..<...h@J.yw....\|..

Chrome Cache Entry: 167

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 116 x 30, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	3029
Entropy (8bit):	7.679307072931435
Encrypted:	false
SSDEEP:	48:7qwqQNn2xYan0J3Da0nqFTODOtqKkv1MkSOiw/9Ko7+tCn994FLBy4/Q/23tlv7i:iY2iqQHnqFT0cqK0iW9794c/29ljEz44
MD5:	52AC3D77CBD245C5E8BD81A661C06239
SHA1:	DD8A3166798981B425654D8C23AAC3E12AB0CD94
SHA-256:	85302F6574174E1DEA75182FFEC9904E7EB03221205FA04391B7C6DA187981F1
SHA-512:	7F0AB8D8FBD52EACF26BF66CF5DF5FF5902E4E74B2F453EEFCBE183D7391D996C37FB4433042B8CBA7E17FD4C7EDB3C54F409DD44FD489E8037071A91F323916
Malicious:	false
Preview:	.PNG........IHDR...t...........:.....tEXtSoftware.Adobe ImageReadyq.e<..."iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)" xmpMM:InstanceID="xmp.iid:CFB97C5B9CD011ED8739F1288F2CE40B" xmpMM:DocumentID="xmp.did:CFB97C5C9CD011ED8739F1288F2CE40B"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:CFB97C599CD011ED8739F1288F2CE40B" stRef:documentID="xmp.did:CFB97C5A9CD011ED8739F1288F2CE40B"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>@.....IIDATx..Z.lTE...v.]...(.B..9.TN..RQT..."." B..D"..x.<..@...r.+.....*x...Z(m......7.w.[.R.&.O..t.{.f..\|.d.u.

Chrome Cache Entry: 168

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 116 x 30, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	3029
Entropy (8bit):	7.679307072931435
Encrypted:	false
SSDEEP:	48:7qwqQNn2xYan0J3Da0nqFTODOtqKkv1MkSOiw/9Ko7+tCn994FLBy4/Q/23tlv7i:iY2iqQHnqFT0cqK0iW9794c/29ljEz44
MD5:	52AC3D77CBD245C5E8BD81A661C06239
SHA1:	DD8A3166798981B425654D8C23AAC3E12AB0CD94
SHA-256:	85302F6574174E1DEA75182FFEC9904E7EB03221205FA04391B7C6DA187981F1
SHA-512:	7F0AB8D8FBD52EACF26BF66CF5DF5FF5902E4E74B2F453EEFCBE183D7391D996C37FB4433042B8CBA7E17FD4C7EDB3C54F409DD44FD489E8037071A91F323916
Malicious:	false
URL:	https://www.burnaware.com/images/logo.png
Preview:	.PNG........IHDR...t...........:.....tEXtSoftware.Adobe ImageReadyq.e<..."iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)" xmpMM:InstanceID="xmp.iid:CFB97C5B9CD011ED8739F1288F2CE40B" xmpMM:DocumentID="xmp.did:CFB97C5C9CD011ED8739F1288F2CE40B"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:CFB97C599CD011ED8739F1288F2CE40B" stRef:documentID="xmp.did:CFB97C5A9CD011ED8739F1288F2CE40B"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>@.....IIDATx..Z.lTE...v.]...(.B..9.TN..RQT..."." B..D"..x.<..@...r.+.....*x...Z(m......7.w.[.R.&.O..t.{.f..\|.d.u.

Chrome Cache Entry: 169

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	986
Entropy (8bit):	7.74339844171006
Encrypted:	false
SSDEEP:	12:6v/76wpWZPDXQboaXSVzn/VJxnbAixnP3+gGqx2HsZjiULTezqSY8FbQg68dfQ9t:cOeiBnTdAq30mjiUm2S8g64ofEG
MD5:	B0425908BB7F766F7738D68F59CCD611
SHA1:	96E799EE7A81A11AF945E87A0D5AE4775978B549
SHA-256:	33F36AFCEB9E9D7195DA0620FD724E87B04C1845EBF4D56C4F907F74897B01A4
SHA-512:	2FE7521F0EDE145FA81D10D05EE6DE06856F821668E32FC94975FD6921193768502CDF7C7890796BDC51350690CF12AA4BC66A03F90E0F365943801A338D8C5C
Malicious:	false
Preview:	.PNG........IHDR..............w=.....sBIT....\|.d.....IDATH...]h.e....m...4.H.....K;..1..`E...7D..F..n..z.0....2..iA..C......Vt.1K.G.4....i../.].G........s.W("k.....8.<....]...".p......bA..3..u<t\|......2.I.Y.......>`.4.+.._l..,-........Va).......U..+..f&......7...p.C..~\|.#........./N.......l;.~.'^.pMD:... ".L:5.p5......M.`.......Z!0". v.U.>..}.9....2...T....+.u..+.......=.y.......>G..vy......\|s.O...tj..D......g..J;-....s.Z.....+...^X..s.[...[.k.;.mN7..^.2.R.R...F:...F.....n.....F..d.Z...+....&.4...s2`.Y.as..x..x.........[x.....P..;.xm....do..H$4.H._N.......@..`....j.........P`...S.....M...).(`lnB.1....'...../.z.#.......4SdZ.I.....s...i^..y..{k.=p]Q.r88.m.\|....n..?......Pl):..Ew.L.~...D..D...Tb-.P...03...qU.wTO.z....r,. ...if....cf:5l.SU...Y\%4./..1U....hh.:..=X......p5..>-....\U.g......e;."..15..i..\D.8""......o...Q..%..-..\G.>...DmK.K..".G.\Ua....W.P..G.......<.t........-.q.....K....y$..R.g....IEND.B`.

Chrome Cache Entry: 170

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1, orientation=upper-left], baseline, precision 8, 20x20, components 3
Category:	dropped
Size (bytes):	1006
Entropy (8bit):	7.130835243135043
Encrypted:	false
SSDEEP:	24:dDcpnWhio0XxDuLHeOWXG4OZ7DAJuLHenX32V6HRNUkFMen3lHQ/VB:1cp+uERAnRCkRn3lQ/T
MD5:	79F379A6C99D16DC95EBDA36E314B731
SHA1:	DD550FC3C371F7214264AFE07A5ADFF165C2970C
SHA-256:	32BFA78868AF0DAC456FCA460EFE6239A35FB7EF954C7825C7D5F6D0020250ED
SHA-512:	6454FAE667934A0BCA6734188E7A6EB11A00B29FA80975C1F9245469E883A86A45AC12E35DE22281FA93A611F0F394624B9486E54379FB2E96C07B006E168125
Malicious:	false
Preview:	......JFIF.....`.`....."Exif..MM...........................Ducky.......d.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?......V..3,2J..e..].8UEfc..p.5...<\|........u.....o..)...)_;n.w..~.....f_...~<.W.C]....E..T.....7.dc.rH7E#.!..`X..W...P/.7./.....g.c.h+...Z.O....@w.[..".-;...B....6..l.4.0.........k....N.:.v...j.....xg..c..Z\..t.&.....nJm/v..Wo.n!F\|.^...?..(...z....O.....`..).(.C..t~.Q]..c..!..u....h............i..

Chrome Cache Entry: 171

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 214 x 300, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	91396
Entropy (8bit):	7.994726563236454
Encrypted:	true
SSDEEP:	1536:e0QkyfQhJqkAh3iHFBCV+o4O703tPP9jeky4NA0bDrLJfElY0OeQ6nPLaVf:rJgQ/Dk3iHFe+Fek3NAypElgetPLaVf
MD5:	5C7C9DD02FAD9C3F2117E78DE7DCAB68
SHA1:	24D5E67CA07B0B4D0A9D8BD4F93CD168E556E95C
SHA-256:	9D7C8EAC4355C21966438446B0D014CB24656FECEC826D5ADDB9BBDF514FAF8D
SHA-512:	399693BFB03303C1BCB7E2F56E5F0248DE38BBA3E0896CAC7701F38E0F334706D33764D1FD4AE33CFE59584669BED408C39128D5270EAC1B046CD78CCAF9F84C
Malicious:	false
URL:	https://www.burnaware.com/images/winxvideo_ai_box.png
Preview:	.PNG........IHDR.......,.......M.....tEXtSoftware.Adobe ImageReadyq.e<..."iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)" xmpMM:InstanceID="xmp.iid:65E3019EF02711EEBE42EAB4FE37BC6C" xmpMM:DocumentID="xmp.did:65E3019FF02711EEBE42EAB4FE37BC6C"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:65E3019CF02711EEBE42EAB4FE37BC6C" stRef:documentID="xmp.did:65E3019DF02711EEBE42EAB4FE37BC6C"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>L..,..axIDATx....dU.7~..].....`..0C.!'."... ..*.,.5..f.t%#....P$.( 9.03=.&.............W.=........r..^.p.=...;.s.X.

Chrome Cache Entry: 172

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	1553
Entropy (8bit):	7.83500902262791
Encrypted:	false
SSDEEP:	48:Fj13ZzBAHP4t3nJbxJ6tk/30h/478rgm31p:Fj1pyHEn9xJ666/m8rgkp
MD5:	43F8A96DD7784CBDA63395F982CE7B3A
SHA1:	068E3467F3AE7563EEFED057E4065C6FCCA2852E
SHA-256:	DEF21786FDF530C9F00CEE3FBFDA8B6BCE6A98146776FA0E6615DCEAC1EADE6D
SHA-512:	A2467A018BE1A19614DC8DD124A0032CD472A964893A239E2A126EE53391C8EA8C6C7729606D005118FAAB70A75939B6212B385128038D653A5AF3CE8493848D
Malicious:	false
Preview:	.PNG........IHDR..............w=.....sBIT....\|.d.....IDATH.}UmpT..~.{.....oHLv.V6.@...1R..!.6...0.....Z.....2.L[....:....;...T.QB..C.$...............{..XvY$.;s~....>.y.s.K.?QPP.o....J..>.Q...~\.\..<..v...MY.&KVVVa..q..k..9..w..jNZ..H..RD.1...T_q.{.]....9<.......sC-...C.~...u.....v..8.}...52...L.).)G....x.V...D..'.Phzc...m{BvvtL..m..<.{O.4...h-...4...'5...Z^..i.....t.m.....E..g.h...m.C.D.havA..l..b..33...........:].#..`mh..G.......{....BD..I..8i%....1)...c.EB....Q.dDD.@^9.-.=.uZ.f.5..;........8<>6..q@s...w....]!...bv..s%.u.L.W....OnO...........r.'.1..3G...V...wG.7.\..a.`....[.....].b.\| ..... TY..p1V..=...{...\|&.d.=..3G..........\|t..G...v_.DQ..K.43.w\|>_.....:.ix.......I}.....7...z..s\|v).......\|.Xd.........2.tG._...........2.G.....,.....;Vae.AH9..<V...0..+XQ{.....0Y.!.M?...s.+k2.1.a.b...J.J.......)._...~r...ufr.{.ye3.24.&.Q.(-......xV...........J.....kY"..P..w........iX..../..4)...bK..k ..Ov...Z..V..6<t..-.M....GP.....o.E..F^.............n.

Chrome Cache Entry: 173

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (2282)
Category:	downloaded
Size (bytes):	38043
Entropy (8bit):	5.51753143703347
Encrypted:	false
SSDEEP:	768:thtBlUDSdDi8fW4DbYIAOcgXcDHfvDeDnQqve7VEqVCKWhyTJ+yXWqnPBuf6NN84:Ni4Yt81v9Wz
MD5:	B92C7366F45DF79B9B17BD76264ACAEF
SHA1:	3C0A97DB8F05EA010F26B9F12C92D1BF6B8EEF49
SHA-256:	CF5008F5747E1506A5BD6AB9AEC3EAF5235DB0A00C48D21ABD8A84713E8F1729
SHA-512:	AFEE411A4224802CE51180B185EB512981CD20A430E10442DF53BEF351E983339EAB28477E3850E1DE6BB5B4DE4FD21164A1FE56C8A2FC2F28B84F3939EFD8D5
Malicious:	false
URL:	https://tpc.googlesyndication.com/pagead/js/r20240709/r20110914/client/one_click_handler_one_afma_fy2021.js
Preview:	(function(){'use strict';/* . . Copyright The Closure Library Authors. . SPDX-License-Identifier: Apache-2.0 .*/ .var m=this\|\|self;function aa(a,b){a:{var c=["CLOSURE_FLAGS"];for(var d=m,f=0;f<c.length;f++)if(d=d[c[f]],d==null){c=null;break a}c=d}a=c&&c[a];return a!=null?a:b};function ba(a){a=a.o;const b=encodeURIComponent;let c="";a.platform&&(c+="&uap="+b(a.platform));a.platformVersion&&(c+="&uapv="+b(a.platformVersion));a.uaFullVersion&&(c+="&uafv="+b(a.uaFullVersion));a.architecture&&(c+="&uaa="+b(a.architecture));a.model&&(c+="&uam="+b(a.model));a.bitness&&(c+="&uab="+b(a.bitness));a.fullVersionList&&(c+="&uafvl="+b(a.fullVersionList.map(d=>b(d.brand)+";"+b(d.version)).join("\|")));typeof a.wow64!=="undefined"&&(c+="&uaw="+Number(a.wow64));return c} .function ca(a,b){return a.g?a.m.slice(0,a.g.index)+b+a.m.slice(a.g.index):a.m+b}function q(a,b=0){let c="&act=1&ri=1";b==1&&(c="&act=1&ri=24");a.h&&a.o&&(c+=ba(a));return ca(a,c)}function da(a,b){return a.h&&a.i\|\|a.l?b==1?a.h?a.i:ca(a,

Chrome Cache Entry: 174

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 214 x 300, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	91396
Entropy (8bit):	7.994726563236454
Encrypted:	true
SSDEEP:	1536:e0QkyfQhJqkAh3iHFBCV+o4O703tPP9jeky4NA0bDrLJfElY0OeQ6nPLaVf:rJgQ/Dk3iHFe+Fek3NAypElgetPLaVf
MD5:	5C7C9DD02FAD9C3F2117E78DE7DCAB68
SHA1:	24D5E67CA07B0B4D0A9D8BD4F93CD168E556E95C
SHA-256:	9D7C8EAC4355C21966438446B0D014CB24656FECEC826D5ADDB9BBDF514FAF8D
SHA-512:	399693BFB03303C1BCB7E2F56E5F0248DE38BBA3E0896CAC7701F38E0F334706D33764D1FD4AE33CFE59584669BED408C39128D5270EAC1B046CD78CCAF9F84C
Malicious:	false
Preview:	.PNG........IHDR.......,.......M.....tEXtSoftware.Adobe ImageReadyq.e<..."iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)" xmpMM:InstanceID="xmp.iid:65E3019EF02711EEBE42EAB4FE37BC6C" xmpMM:DocumentID="xmp.did:65E3019FF02711EEBE42EAB4FE37BC6C"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:65E3019CF02711EEBE42EAB4FE37BC6C" stRef:documentID="xmp.did:65E3019DF02711EEBE42EAB4FE37BC6C"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>L..,..axIDATx....dU.7~..].....`..0C.!'."... ..*.,.5..f.t%#....P$.( 9.03=.&.............W.=........r..^.p.=...;.s.X.

Chrome Cache Entry: 175

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (829), with no line terminators
Category:	downloaded
Size (bytes):	829
Entropy (8bit):	5.38926435784308
Encrypted:	false
SSDEEP:	24:4HksAq5/Jz2pRNrBZJuvu8goqc0ioNhc+tp4+mI:2jz2bNrVENtmN+4W+j
MD5:	EFD2290BE9FED1326838E1B7A21326FB
SHA1:	FDAAA2F54C45F3C07E3E962509D12EF21A1E2A31
SHA-256:	69D8A5716AD6FCC79A568B933858D2D9729825ECF630351E87671B03CB8BC0FC
SHA-512:	64608F45BDCFD95F9EE281F33ABD2709AEE7503C548A66B14AB37E544884F9015C687C4C07755E6549F0E365288066D102E1EC1D6379EA3F0B3C5B3CB61F0E19
Malicious:	false
URL:	https://www.google.com/recaptcha/api2/aframe
Preview:	<!DOCTYPE HTML><html><head><meta http-equiv="content-type" content="text/html; charset=UTF-8"></head><body><script nonce="W8t17d_2VnJO32tKcuuxTA">/** Anti-fraud and anti-abuse applications only. See google.com/recaptcha / try{var clients={'sodar':'https://pagead2.googlesyndication.com/pagead/sodar?'};window.addEventListener("message",function(a){try{if(a.source===window.parent){var b=JSON.parse(a.data);var c=clients[b['id']];if(c){var d=document.createElement('img');d.src=c+b['params']+'&rc='+(localStorage.getItem("rc::a")?sessionStorage.getItem("rc::b"):"");window.document.body.appendChild(d);sessionStorage.setItem("rc::e",parseInt(sessionStorage.getItem("rc::e")\|\|0)+1);localStorage.setItem("rc::h",'1720719611010');}}}catch(b){}});window.parent.postMessage("_grecaptcha_ready", "");}catch(b){}</script></body></html>

Chrome Cache Entry: 176

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	143
Entropy (8bit):	5.079318363208902
Encrypted:	false
SSDEEP:	3:PIy9JL/ZSGKHjJMzVJu+1vK3VYrSLIzECAXhxMAFjWAEtv0Gb:TJL/sGeMRJVSOGLIoDXhxVFjWAEd0Gb
MD5:	E4E31B474D3E0B577B3C8856E91F8659
SHA1:	A81311F7FCFA9B6B23A24D4E5C976D5F75B1B9B7
SHA-256:	18088C10E79C926292732AF98A0CE470E90F3FBCBA4BB4896AB3310C2D94E421
SHA-512:	A07961EB39C4CD4E39EE19E2C675E64E5BA5367DAA18E2F76A23772ABD62F46B002E6BE8FB0F35A70616941178FACC8DF579C4A68E5811B74313C12806AAFAE3
Malicious:	false
URL:	https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Preview:	<!DOCTYPE HTML PUBLIC>.<html>. <head>. <meta http-equiv="refresh" content="0;url=https://www.google.com/pagead/drt/ui" />. </head>.</html>

Chrome Cache Entry: 177

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (474)
Category:	downloaded
Size (bytes):	10411
Entropy (8bit):	4.423883018993488
Encrypted:	false
SSDEEP:	96:C042g09py8p4wK+VE1FM+LUsJ0gD0nV44b0bFi+qWX:ubDD71qVP/0Bi+/X
MD5:	D885EE1A15821072F62D8C0AD0DECB3E
SHA1:	DB5DFAC835CCF59E68B5B702F57EB2A6553A6591
SHA-256:	E7AA9EF3E28CFA88308E9CE3E9CFDEC06DBFC8D60D7727CEFE3C2A7594E163E5
SHA-512:	38C8542C2B9B5294A6DD513AD967727829F04B432EA09624873868941FAE5B6C9610D26B8B47C968CF7C684929E7224F3913E75575D28355F80E3356344347F8
Malicious:	false
URL:	https://www.burnaware.com/
Preview:	<!DOCTYPE html>.<html lang="en">. <head>. <title>Free Burning Software \| CD/DVD Copying Software \| BurnAware</title>. <meta name="description" content="BurnAware is free CD, DVD, Blu-ray Disc burning and copying software with support of MDisc, BDXL and disc spanning. Download and burn discs for free." />. <meta name="keywords" content="free burning software, disc spanning, backup software, blu-ray burner, disc copying software, iso burner, dvd burner, dvd burning software, mdisc, m-disc" />. <meta charset="utf-8" />. <meta http-equiv="X-UA-Compatible" content="IE=edge" />. <meta name="viewport" content="width=device-width, initial-scale=1" />. <meta name="author" content="Burnaware" />. <meta name="robots" content="index,follow" />. <link rel="icon" href="favicon.ico" />. <link rel="stylesheet" type="text/css" href="css/bootstrap.min.css" />. </head>. <body>. <header>. <nav class="navbar na

Chrome Cache Entry: 178

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (5945)
Category:	downloaded
Size (bytes):	260649
Entropy (8bit):	5.566798428883292
Encrypted:	false
SSDEEP:	6144:eTzqOW9ZScfgNezXz5ILFg5+/0vFoxZe0:K16ZSjNwsp
MD5:	F0D8FED0F250253214D61F598233952E
SHA1:	B20F4843744092C32EDBED0B8A994F74C212348D
SHA-256:	8B3567DED976F4885DA7E6B2B3FEC982E551C7D3B6BB013D4E63976CF7602CFB
SHA-512:	32C95019D4672BD8EE79A093556D59079A509045CE93488CACAA30AC2C9C965C958C6F244E6874A1EF8BCD6328C89167008F15B90DA090C96F040D48809092BB
Malicious:	false
URL:	https://www.googletagmanager.com/gtag/js?id=G-R0FFV0Q2KK&l=dataLayer&cx=c
Preview:	.// Copyright 2012 Google Inc. All rights reserved.. .(function(){..var data = {."resource": {. "version":"2",. . "macros":[{"function":"__e"},{"vtp_signal":0,"function":"__c","vtp_value":0},{"function":"__c","vtp_value":""},{"function":"__c","vtp_value":0},{"vtp_signal":0,"function":"__c","vtp_value":0},{"function":"__c","vtp_value":""},{"function":"__c","vtp_value":0}],. "tags":[{"function":"__ogt_ga_send","priority":7,"vtp_value":true,"tag_id":15},{"function":"__ogt_session_timeout","priority":7,"vtp_sessionMinutes":30,"vtp_sessionHours":0,"tag_id":17},{"function":"__ogt_1p_data_v2","priority":7,"vtp_isAutoEnabled":true,"vtp_autoCollectExclusionSelectors":["list",["map","exclusionSelector",""]],"vtp_isEnabled":true,"vtp_autoEmailEnabled":true,"vtp_autoPhoneEnabled":false,"vtp_autoAddressEnabled":false,"vtp_isAutoCollectPiiEnabledFlag":false,"tag_id":18},{"function":"__ccd_ga_first","priority":6,"vtp_instanceDestinationId":"G-R0FFV0Q2KK","tag_id":25},{"function":"__set_product_se

Chrome Cache Entry: 179

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 970 x 250, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	6554
Entropy (8bit):	7.8094607869092885
Encrypted:	false
SSDEEP:	96:dttS95fccmex/fpT+03yZZyov0ChNGAgxdBot3B2F9miu2hLFpPghJtgxuTcBayi:RNexHpq8wJNHgxdBopBMEiu2hLuABvxQ
MD5:	F86BD3DA194896F2EDE33571A9ED4160
SHA1:	E5801AC75A8ECAED85CF3029492879B86177410A
SHA-256:	2117A476BFC924CE58F6AD26194CFA532379C909C29CC3114220EAC97B31F211
SHA-512:	8710CB9FCB84E426DDD6C13859F2C1947E2E684849FD2C954BA291CCE1FF132C6CB5D93739295A711B4BE9A249297F408F1EF5EB2E147CB1D336069B92400391
Malicious:	false
Preview:	.PNG........IHDR.............N#N6...qPLTE..X.h, ```................@@@........................ppp....m...000....PPP...........c...CMVy...............m.......b...........(3>^fn............l..m....{F.....w..6@J..x..5@J....ksz........oooPYb.........w..x..a............x.............{G.r:..T___......QYb....w.......{]fn.........w........................S....{..n..T......x...^.A....IDATx..{.6...#.O..m.R,K....L.g\S..4.i........^..Gb..../r#...y.P.H.....R.+................................................................................z....[{.W......5...........[..........<T.V..?(.......E...dY...Vvu..=...?hm..#....K.].r.\H....W....W..n<...'.O.R.>aI.2.[.,.~.Ju=OP.u.\|...m..\...y....~9.../?X5G`.J.m..{.WyX.....8<].C.Y.%Q...>q..\).....vu...Av.G..WVW.....y.e^.$....]..Jl.S....^v..(s...r.u..?.$.v\|..oL.r.o......$..m'6K#.a......'W.~U.Z']..d3....z+ei.h..r.{.'.7>.....^+N.........a.[.P9.k.>.{..a.B..<..(.~3..........\.5o.j...

Chrome Cache Entry: 180

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1921)
Category:	downloaded
Size (bytes):	434206
Entropy (8bit):	5.5973790622094715
Encrypted:	false
SSDEEP:	12288:2uLpzgYHwyVUqXpTh4VtCnXCeMdE8mVfJTghPR2MzLGCvEhHDZcrBZ9DVW+63g3R:2uLpzgYHwyVUqXpTh4VtMXCeMdE8mVfO
MD5:	04E433EBE9C5196E5E4845B391D1E33C
SHA1:	8F8B7C64BBB128A1FFE492F63A01EDB9937EF4EA
SHA-256:	8C970135092A6E894C0DE41A515F5A4F1444B93316CA7E2ED3EA56B071A8824A
SHA-512:	D270C84D46CD761D7812888B092E3C379DCDD3F40AA2A2A8A96BC673F4B32BBC8C621E2A9168C88AA95A623DDB8F50A2B089D22194A49E4DBAE1968F1AC026C5
Malicious:	false
URL:	https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202407080101/show_ads_impl_fy2021.js
Preview:	(function(sttc){'use strict';var r,aa=typeof Object.defineProperties=="function"?Object.defineProperty:function(a,b,c){if(a==Array.prototype\|\|a==Object.prototype)return a;a[b]=c.value;return a};function ba(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");} .var ca=ba(this),da=typeof Symbol==="function"&&typeof Symbol("x")==="symbol",ha={},ja={};function ka(a,b,c){if(!c\|\|a!=null){c=ja[b];if(c==null)return a[b];c=a[c];return c!==void 0?c:a[b]}} .function ma(a,b,c){if(b)a:{var d=a.split(".");a=d.length===1;var e=d[0],f;!a&&e in ha?f=ha:f=ca;for(e=0;e<d.length-1;e++){var h=d[e];if(!(h in f))break a;f=f[h]}d=d[d.length-1];c=da&&c==="es6"?f[d]:null;b=b(c);b!=null&&(a?aa(ha,d,{configurable:!0,writable:!0,value:b}):b!==c&&(ja[d]===void 0&&(a=Math.random()*1E9>>>0,ja[d]=da?ca.Symbol(d):"$jscp$"+a+"

Chrome Cache Entry: 181

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 2 icons, 32x32, 32 bits/pixel, 16x16, 32 bits/pixel
Category:	dropped
Size (bytes):	5430
Entropy (8bit):	2.568660328439097
Encrypted:	false
SSDEEP:	24:NLBdUGgdXrNzEfct5gegpySieAhKQf8/7JPhBjzaz/OeS6G1R5FtLRpqR:dUGgd5za6VgqxKnBD34SRFrpqR
MD5:	073BCB570A5796519A36BE422EA68EC8
SHA1:	A44ECB32DE596D06109C31F71E9C0783B6EA65C8
SHA-256:	446681A77FDA390E1312ECF4AF9C79398B0E491A02BF9CC616F3C806CA68E345
SHA-512:	B1902228A86BD99CD29ADE00B9757E31B408D101A9A8F6B25A81EFDED6CC4FEC3AE2CEFAD842D168102BFEB38F6D42BD7C68AB420A7C64BBB0120417C4D9676A
Malicious:	false
Preview:	...... .... .....&......... .h.......(... ...@..... .................................................................................5...5.. 5..s5...5..5..8....................................................................................................................5..O5...5...5..5..1....................................................................................................................5...5...5...5..r................................................................................................................5...5...5...5...5..v................................................................................................................5..5...5...5...5..E....................................................5..X5..5..5..5.._5..!................................5..i5...5...5...5..................................................5..5...5...5...5...5...5...5..5..d5.......................5..5...5...5...5..85../............................................5...5.

Chrome Cache Entry: 182

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1, orientation=upper-left], baseline, precision 8, 20x20, components 3
Category:	downloaded
Size (bytes):	1006
Entropy (8bit):	7.130835243135043
Encrypted:	false
SSDEEP:	24:dDcpnWhio0XxDuLHeOWXG4OZ7DAJuLHenX32V6HRNUkFMen3lHQ/VB:1cp+uERAnRCkRn3lQ/T
MD5:	79F379A6C99D16DC95EBDA36E314B731
SHA1:	DD550FC3C371F7214264AFE07A5ADFF165C2970C
SHA-256:	32BFA78868AF0DAC456FCA460EFE6239A35FB7EF954C7825C7D5F6D0020250ED
SHA-512:	6454FAE667934A0BCA6734188E7A6EB11A00B29FA80975C1F9245469E883A86A45AC12E35DE22281FA93A611F0F394624B9486E54379FB2E96C07B006E168125
Malicious:	false
URL:	https://www.burnaware.com/images/twitter.jpg
Preview:	......JFIF.....`.`....."Exif..MM...........................Ducky.......d.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?......V..3,2J..e..].8UEfc..p.5...<\|........u.....o..)...)_;n.w..~.....f_...~<.W.C]....E..T.....7.dc.rH7E#.!..`X..W...P/.7./.....g.c.h+...Z.O....@w.[..".-;...B....6..l.4.0.........k....N.:.v...j.....xg..c..Z\..t.&.....nJm/v..Wo.n!F\|.^...?..(...z....O.....`..).(.C..t~.Q]..c..!..u....h............i..

Chrome Cache Entry: 183

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1920x349, components 3
Category:	dropped
Size (bytes):	22590
Entropy (8bit):	6.962901479336723
Encrypted:	false
SSDEEP:	384:nrxtA8dgmQB+4gJec2jlfaZk9BT20gBOvZUYwuJ6jUIF2:nly8dgmQB3M20k9ByVBdS63c
MD5:	DDDF37D3EF7E68906E8240360B2D8A13
SHA1:	850633C9B2A0BB2D93EA38B5E88AE4DCC1C3428D
SHA-256:	C88A3D062DEE85EE2EF987253E5B5805783AEED1C340FB2803F0DA17492D73BE
SHA-512:	E06414C9A99A923463037A01DEB5F99A33C8306AF4CC0C18B2E317B756A4DB039413D679871A2C7991B905200C0D8839294C94AE062253E36DCB643141095424
Malicious:	false
Preview:	......Exif..II*.................Ducky.......P.....+http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)" xmpMM:InstanceID="xmp.iid:EB9029A79CDE11EDB153C141EE404C89" xmpMM:DocumentID="xmp.did:EB9029A89CDE11EDB153C141EE404C89"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:EB9029A59CDE11EDB153C141EE404C89" stRef:documentID="xmp.did:EB9029A69CDE11EDB153C141EE404C89"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d.................................................................................................................................

Chrome Cache Entry: 184

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1, orientation=upper-left], baseline, precision 8, 20x20, components 3
Category:	dropped
Size (bytes):	1077
Entropy (8bit):	7.14617450159217
Encrypted:	false
SSDEEP:	24:dDcpnWhio0XxDuLHeOWXG4OZ7DAJuLHenX32pWDqHAQrGLy4T0:1cp+uERAmgQrWrT0
MD5:	DBFB679FD22FBB3A5D7A0C98D89C108A
SHA1:	C2F957BB819CD0985A97067A14012CE142714002
SHA-256:	11C7E1D9FA4EAC91BBA94CCE1B1C2F90B7CA0F20D984E443322630B18F321D92
SHA-512:	3F9AA078180EFED5F435E7B6A30CDE092649D711C98A7D6D67330097494C8EFF8DB6DEA0910627A422F047A641DCBB2E229F218B5374D5FB5DD6E2AC0E3A6B94
Malicious:	false
Preview:	......JFIF.....`.`....."Exif..MM...........................Ducky.......d.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..d.O$....'.#./\|D..<e.o~...<Q._.xo.hvv...I.$......i.#.c.5+....\|{....s[...I$,.......+.K..W.q...'.c.@....=\|7k..7......V..z...i...n".42s.9.^s.?z.,^3....<e..1n.)...sl.v...>.-.F.I.^.[.........~>...?.\|Ec..V....> .......V.Ai,.1+.#g...Xm_....V...+..C.h.iv...uyk..Xlb.g.-....5`......E{...W.w..Do..$e..1.z...E...

Chrome Cache Entry: 185

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (2440)
Category:	downloaded
Size (bytes):	23597
Entropy (8bit):	5.503794043431984
Encrypted:	false
SSDEEP:	384:2JJyIN15yzb7qIfpp+d/+1aaHX+5g9f4ta79RBzzjeG3KaV2whNNybuy44DXWyID:2JJyu1Iz3qIf6d/+1l3+5g9f2a7dTeG3
MD5:	26F8DF30CDECC3388CEF131509E9B5F9
SHA1:	F66021C1CE3F7AB0664420F882769DB95B6A921A
SHA-256:	7319E564328115C786A41AE6D84023D5F7E565BD9DCB601F36D71412BA152458
SHA-512:	50BEDD88B758010677CFDBB863BCA6096E423B3C185DEBB5B7B9B1EB69C64185993751FE52F6B6A256603BA5C8E9EE678FB37CB3746868AF1E2A3BAB1E927505
Malicious:	false
URL:	https://tpc.googlesyndication.com/pagead/js/r20240709/r20110914/abg_lite_fy2021.js
Preview:	(function(){'use strict';/* . . Copyright The Closure Library Authors. . SPDX-License-Identifier: Apache-2.0 .*/ .var m=this\|\|self;function n(a,b){a:{var c=["CLOSURE_FLAGS"];for(var d=m,e=0;e<c.length;e++)if(d=d[c[e]],d==null){c=null;break a}c=d}a=c&&c[a];return a!=null?a:b}function aa(a){return a};function ba(a){m.setTimeout(()=>{throw a;},0)};const ca=n(1,!0);var da=n(610401301,!1),fa=n(188588736,ca),ha=n(645172343,ca);var r;const ia=m.navigator;r=ia?ia.userAgentData\|\|null:null;function ja(a){return da?r?r.brands.some(({brand:b})=>b&&b.indexOf(a)!=-1):!1:!1}function t(a){var b;a:{if(b=m.navigator)if(b=b.userAgent)break a;b=""}return b.indexOf(a)!=-1};function w(){return da?!!r&&r.brands.length>0:!1}function ka(){return w()?ja("Chromium"):(t("Chrome")\|\|t("CriOS"))&&!(w()?0:t("Edge"))\|\|t("Silk")};function la(a,b){return Array.prototype.indexOf.call(a,b,void 0)};function ma(a){ma[" "](a);return a}ma[" "]=function(){};!t("Android")\|\|ka();ka();t("Safari")&&(ka()\|\|(w()?0:t("Coast"))\|\|(w()?

Chrome Cache Entry: 186

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (52964)
Category:	downloaded
Size (bytes):	54232
Entropy (8bit):	5.694885252288895
Encrypted:	false
SSDEEP:	1536:jbAIDK/szf/Q0wesEndmnBO2imLxDCwtn0:IIRn0ZQmnBfH5h0
MD5:	3498D2712BF97DF3A2C6A50AE3546787
SHA1:	B3F7CEEB0932181BF9D19639E2A002DDEC8AC1D6
SHA-256:	4FBFAD983F0C6B2E0D1E47EBC2197D7ABBE212A690A21577F80C7C2AEED7BF57
SHA-512:	FED6DE7CA7EE8184E9D702972E0180187233E56E52EC1E73B26DE735DD3E1365C5B9D040BD587B354052473A8CA231269399181D4E8A51E8FF5223A7444C050C
Malicious:	false
URL:	https://pagead2.googlesyndication.com/bg/T7-tmD8May4NHkfrwhl9erviEqaQohV3-Ax8Ku7Xv1c.js
Preview:	//# sourceMappingURL=data:application/json;charset=utf-8;base64,eyJ2ZXJzaW9uIjogMywic291cmNlcyI6WyIiXSwic291cmNlc0NvbnRlbnQiOlsiICJdLCJuYW1lcyI6WyJjbG9zdXJlRHluYW1pY0J1dHRvbiJdLCJtYXBwaW5ncyI6IkFBQUE7QUFBQTtBQUFBO0FBQUE7QUFBQTtBQUFBO0FBQUEifQ==.(function(){function L(V){return V}var w=function(V){return L.call(this,V)},b=this\|\|self,W=function(V,n,P,t,H,E,d,F,v,r,M,l){for(l=(M=91,6);;)try{if(M==99)break;else if(M==V)M=F&&F.createPolicy?37:69;else if(M==91)F=b.trustedTypes,v=d,M=V;else{if(M==t)return l=6,v;if(M==92)M=b.console?n:t;else if(M==82)l=6,M=92;else{if(M==69)return v;M==n?(b.console[H](r.message),M=t):M==37&&(l=P,v=F.createPolicy(E,{createHTML:w,createScript:w,createScriptURL:w}),M=t)}}}catch(K){if(l==6)throw K;l==P&&(r=K,M=82)}};(0,eval)(function(V,n){return(n=W(42,32,38,90,"error","bg",null))&&V.eval(n.createScript("1"))===1?function(P){return n.createScript(P)}:function(P){return""+P}}(b)(Array(Math.random()*7824\|0).join("\n")+['//# sourceMappingURL=data:application/json;char

Chrome Cache Entry: 187

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (3975)
Category:	downloaded
Size (bytes):	162571
Entropy (8bit):	5.5999958711386695
Encrypted:	false
SSDEEP:	3072:OuDXnMH2K4QcPVp5w18xpcPTizyi3VFnTWJbeBSpgjO7lTp9JHPyqcRZRKRljtKy:OuDXnMH2K4QcPVp5w18xi7iyiFFnKJbv
MD5:	502E4496767FA8B2CE6C2109B263D52A
SHA1:	1EA53C68633DD41F0CAFDDDC780880E5BA16AE7E
SHA-256:	C5354A398005E944E1DFA58B181B00215708485746DED5475EA66F1A3155F624
SHA-512:	60DE7C9CBEBC4CAB20E7BA194859325FFD03F3533AA49E47FED0ECC3E101A4B7E11E854EF38C8F19C56710428571F2D6F55C41C93D09662471A0990C7A6F1F23
Malicious:	false
URL:	https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Preview:	(function(sttc){'use strict';var aa=typeof Object.defineProperties=="function"?Object.defineProperty:function(a,b,c){if(a==Array.prototype\|\|a==Object.prototype)return a;a[b]=c.value;return a};function ba(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");} .var ca=ba(this),da=typeof Symbol==="function"&&typeof Symbol("x")==="symbol",ea={},fa={};function ha(a,b,c){if(!c\|\|a!=null){c=fa[b];if(c==null)return a[b];c=a[c];return c!==void 0?c:a[b]}} .function ia(a,b,c){if(b)a:{var d=a.split(".");a=d.length===1;var e=d[0],f;!a&&e in ea?f=ea:f=ca;for(e=0;e<d.length-1;e++){var g=d[e];if(!(g in f))break a;f=f[g]}d=d[d.length-1];c=da&&c==="es6"?f[d]:null;b=b(c);b!=null&&(a?aa(ea,d,{configurable:!0,writable:!0,value:b}):b!==c&&(fa[d]===void 0&&(a=Math.random()*1E9>>>0,fa[d]=da?ca.Symbol(d):"$jscp$"+a+"$"

Chrome Cache Entry: 188

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	16826
Entropy (8bit):	6.018937192631088
Encrypted:	false
SSDEEP:	384:Kd5Cy8v6JuZMzeT9v2ncL7lwmeLsgUuPTk/Ik7CHIW/ksd9/BmRi:KdSAggUuPTkAvR9Oi
MD5:	A26FA8FBC19A8B53F6484F2BE2D34743
SHA1:	6EFB45479668D9E02254D5F8AD19FB33C16C5373
SHA-256:	077A03BF356834CF545FB70F7B0D10305BE7026B8F581F4A6C09516DAAA6DFE6
SHA-512:	343D4F09EB78758F415F1A4AF6934CBA3C223DBD9218A2B7EED6252F6ABA66437CFC073227EB8D160DC77425392378290267614952378AF340AA3631B39E2CAB
Malicious:	false
URL:	https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20240709&st=env
Preview:	{"sodar_query_id":"-RiQZtmxJr-SiM0PuJChkAs","injector_basename":"sodar2","bg_hash_basename":"T7-tmD8May4NHkfrwhl9erviEqaQohV3-Ax8Ku7Xv1c","bg_binary":"dgrVjiZotaZClYCDwjM+tX+R0ZLm5DrPMId4/E6y7ux0XkhIvwOet5u/MoARup48WDlr9hlS+bX5BQS19EuKE+lNgCKTJmPbyHjORGKnkk19F2ODmLVmP/7Hxr9wR9ESX0V/tQoU/08zZ+NhOwz0H5z6vG6HW9lgFRKxnDZnOXzZ/k0mC1OtC1LXaosWOduo1EyfgcgjSbeuiuZXX5JsI6J93Gu+ZL896Hl7Y+Z9JqUtG64U8zTKd+xe86siYjORDgTW7CVhYldVXL2ky+b9Il25OH+guxylkv4vQWfsP4a+PxtFd+Y0Gv/i7aC2Dk3xGDxR1hIZ+RXclSHXDHPq4J11b04CGrac2aUmMvGQ3jRZkQay0Ttg3Ocs88woS950e+LTXi+0pMKlsR7J1DtHHIM9RZ1BfGgvEKYSseYFetYrMQLqreY0schgiUANbgpoPf6GAAQ4zFLWs+Y+4w1X6Yrgk96FVJ2pcxB3ZU5xG9bWONXrAXc85CTpuRolvAX14bkFvG2krlyZUEt+tUTKTc/VUMF5zHftL5nQ/FC5f9LzMuvD7WECFRwITnEm55F139VXVP6x+OCp9k9MpSHu6u2QCxRcgChI4U/ywNNjN8rFgpjDeoel6pvGQ18PkdzJB2lpojdrV+GpblPvddd8NvWAM7a8nbpMf7KvwJnAnRB/Uttl0mF/e5yqqpGbqYErMzOPeSDW9pXMV1lYOpAEv7yi9Poo9iXzMfAkklctDCzz90/gnHW5sQlDrROvs44np9lkrXUhnvAp2AYZf6Hx7Wuqi93y0wafVkGkJBqgWct6M1nqF1l2pmByDzLdiRCYIOsB6DV0AoxLW55p3

Chrome Cache Entry: 189

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (65532), with no line terminators
Category:	downloaded
Size (bytes):	102038
Entropy (8bit):	6.098977814533223
Encrypted:	false
SSDEEP:	1536:pPYWTsz/Db0U7FsgxDfV7rB9t+KV4lvC5xdisJ9lJbAVGn75MXSlQXwL9I:tzoL0U71BV7rB9t+plOisblJbZ75Miav
MD5:	491DAA22DCC043068DC4FA0924CE5C6F
SHA1:	16B4E4DACB5588B16F41FDD874A7F7D4F2B7E513
SHA-256:	377EF8A759D9C620A17CAF0C7315D43D06695EEE915D701DDAAE32086EEEDCB5
SHA-512:	296308291EF855F3A0B80BBD9661F3A76EFB14EA324C8831B648840DA45DED18A90AD6B4DA04E952F70175D4BD952DF7F3A18FD3684B207775454691D9A3AC0D
Malicious:	false
URL:	https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7659414764356284&output=html&h=280&slotname=4885406380&adk=3369854836&adf=3132389021&pi=t.ma~as.4885406380&w=930&abgtt=3&fwrn=4&fwrnh=100&lmt=1720153543&rafmt=1&format=930x280&url=https%3A%2F%2Fwww.burnaware.com%2Fafter-install.html&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE3LjAuNTkzOC4xMzIiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjExNy4wLjU5MzguMTMyIl0sWyJOb3Q7QT1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTE3LjAuNTkzOC4xMzIiXV0sMF0.&dt=1720719598792&bpp=4&bdt=2944&idt=1496&shv=r20240709&mjsv=m202407080101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&correlator=139266055133&frm=20&pv=2&ga_vid=2144220585.1720719599&ga_sid=1720719600&ga_hid=904098654&ga_fc=1&u_tz=-240&u_his=1&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&dmc=8&adx=44&ady=758&biw=1017&bih=870&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31085139%2C44795922%2C95334508%2C95334526%2C95334828%2C31078663%2C31078665%2C31078668%2C31078670&oid=2&pvsid=131469704701851&tmod=1184573214&uas=0&nvt=1&fc=896&brdim=10%2C10%2C10%2C10%2C1280%2C0%2C1050%2C964%2C1034%2C870&vis=2&rsz=%7C%7CeEr%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1.02&td=1&tdf=0&psd=W251bGwsbnVsbCxudWxsLDNd&nt=1&ifi=1&uci=a!1&fsb=1&dtd=1581
Preview:	<!doctype html><html><head><script>var jscVersion = 'r20240709';</script><script>var google_casm=[];</script><style>a { color: #000000 }.img_ad:hover {-webkit-filter: brightness(120%)}</style><script></script><script>window.dicnf = {};</script><script data-jc="42" data-jc-version="r20240709" data-jc-flags="["x%278446'9efotm(&20067;>8&>`dopb/%<1732261!=\|vqc)!7201061?'9efotm(&20723;>:&>`dopb/%<1245;05!=nehu`/!361:<320!9sqrmy"]">(function(){'use strict';/* Copyright The Closure Library Authors. SPDX-License-Identifier: Apache-2.0 */ var u=this\|\|self;function v(a,b){a:{var c=["CLOSURE_FLAGS"];for(var d=u,e=0;e<c.length;e++)if(d=d[c[e]],d==null){c=null;break a}c=d}a=c&&c[a];return a!=null?a:b};var aa=v(610401301,!1),ba=v(188588736,v(1,!0));var w;const ca=u.navigator;w=ca?ca.userAgentData\|\|null:null;function x(a){return aa?w?w.brands.some(({brand:b})=>b&&b.indexOf(a)!=-1):!1:!1}function y(a){var b;a:{if(b=u.navigator)if(b=b.userAgent)br

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.996276806312489
TrID:	Win32 Executable (generic) a (10002005/4) 99.94% Win16/32 Executable Delphi generic (2074/23) 0.02% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	SecuriteInfo.com.Program.Unwanted.2818.3154.4230.exe
File size:	8'728'608 bytes
MD5:	a6d83330743edcff48a85dfa1013fdab
SHA1:	0aa8362a86274edcba3c111e8d729b1e0198a92b
SHA256:	03c769a2c069d127c2d9a5103853218a8f108074f0012776ff871dadf346c39e
SHA512:	2144b8b84a9769eb1257b856bf62fadfff58f715e344ee6c4021190da326bba32336b99b1086cd6ed9d1eb4b248d52130ec232cf65a7c17e92742adc35a8f302
SSDEEP:	196608:qVWJWqgbeuM2NS+JYkeC5gkdCj2HAFDEv0AIYCTNp:qVWJpGjNbjeCVsqacDbChp
TLSH:	A5963392E38B41B4FA655631949AD8303C533EEA1AD081066DFFFE1C763AA806DF7171
File Content Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7.......................................................................................................................................

File Icon


Icon Hash:	1c48490d1d1d992f

Static PE Info

General

Entrypoint:	0x41181c
Entrypoint Section:	.itext
Digitally signed:	true
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:	0x5B226D52 [Thu Jun 14 13:27:46 2018 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	0
File Version Major:	5
File Version Minor:	0
Subsystem Version Major:	5
Subsystem Version Minor:	0
Import Hash:	20dd26497880c05caed9305b3c8b9109

Authenticode Signature

Signature Valid:	true
Signature Issuer:	CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB
Signature Validation Error:	The operation completed successfully
Error Number:	0
Not Before, Not After	05/11/2014 00:00:00 05/11/2019 23:59:59
Subject Chain	CN=Burnaware, O=Burnaware, STREET=Krylatskie Kholmy 39-2, L=Moscow, S=Moscow, PostalCode=121614, C=RU
Version:	3
Thumbprint MD5:	E892014EF40D1CEAAA8E35FBF8E4CA54
Thumbprint SHA-1:	CD1DFF866CFBCBC9593B2D5AF7B7A621A4C048FF
Thumbprint SHA-256:	AE3E817C15946BB94DD8C21DBD9C88D3DF75BBAABA12F6950BF102B2EFBD0B16
Serial:	34A57A0F0BF4B55CCD6F48728FA63980

Entrypoint Preview

Instruction
push ebp
mov ebp, esp
add esp, FFFFFFA4h
push ebx
push esi
push edi
xor eax, eax
mov dword ptr [ebp-3Ch], eax
mov dword ptr [ebp-40h], eax
mov dword ptr [ebp-5Ch], eax
mov dword ptr [ebp-30h], eax
mov dword ptr [ebp-38h], eax
mov dword ptr [ebp-34h], eax
mov dword ptr [ebp-2Ch], eax
mov dword ptr [ebp-28h], eax
mov dword ptr [ebp-14h], eax
mov eax, 0041015Ch
call 00007F7F5CB0FE1Dh
xor eax, eax
push ebp
push 00411EFEh
push dword ptr fs:[eax]
mov dword ptr fs:[eax], esp
xor edx, edx
push ebp
push 00411EBAh
push dword ptr fs:[edx]
mov dword ptr fs:[edx], esp
mov eax, dword ptr [00415B48h]
call 00007F7F5CB1857Bh
call 00007F7F5CB180CAh
cmp byte ptr [00412AE0h], 00000000h
je 00007F7F5CB1B09Eh
call 00007F7F5CB18690h
xor eax, eax
call 00007F7F5CB0DEB5h
lea edx, dword ptr [ebp-14h]
xor eax, eax
call 00007F7F5CB150FBh
mov edx, dword ptr [ebp-14h]
mov eax, 00418658h
call 00007F7F5CB0E48Ah
push 00000002h
push 00000000h
push 00000001h
mov ecx, dword ptr [00418658h]
mov dl, 01h
mov eax, dword ptr [0040C04Ch]
call 00007F7F5CB15A12h
mov dword ptr [0041865Ch], eax
xor edx, edx
push ebp
push 00411E66h
push dword ptr fs:[edx]
mov dword ptr fs:[edx], esp
call 00007F7F5CB185EEh
mov dword ptr [00418664h], eax
mov eax, dword ptr [00418664h]
cmp dword ptr [eax+0Ch], 01h
jne 00007F7F5CB1B0DAh

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x19000	0xe04	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x1c000	0x1bca4	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x851b48	0x14d8
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x1b000	0x18	.rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x19304	0x214	.idata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0xf25c	0xf400	0da5d73ffbc41792fa65a09058a91476	False	0.5482197745901639	data	6.375879013420213	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.itext	0x11000	0xfa4	0x1000	2eb275566563c3f1d0099a0da7345b74	False	0.563720703125	data	5.778765357049134	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data	0x12000	0xc8c	0xe00	73b859e23f5fd17e00c08db2e0e73dfe	False	0.25362723214285715	data	2.3028287433175367	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.bss	0x13000	0x56bc	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x19000	0xe04	0x1000	e9b9c0328fd9628ad4d6ab8283dcb20e	False	0.321533203125	data	4.597812557707959	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.tls	0x1a000	0x8	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata	0x1b000	0x18	0x200	3dffc444ccc131c9dcee18db49ee6403	False	0.05078125	data	0.2044881574398449	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc	0x1c000	0x1bca4	0x1be00	dc24f890fb65625d20e3bc2a39bfbfc1	False	0.5723532090807175	data	6.487924190434178	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_ICON	0x1c4dc	0x2c46	PNG image data, 256 x 256, 8-bit colormap, non-interlaced	English	United States	0.957473089818246
RT_ICON	0x1f124	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 0	English	United States	0.2998400852878465
RT_ICON	0x1ffcc	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 0	English	United States	0.32084837545126355
RT_ICON	0x20874	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 0	English	United States	0.38078034682080925
RT_ICON	0x20ddc	0x9996	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced	English	United States	0.9952947759295997
RT_ICON	0x2a774	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 0	English	United States	0.3955394190871369
RT_ICON	0x2cd1c	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 0	English	United States	0.4969512195121951
RT_ICON	0x2ddc4	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 0	English	United States	0.6551418439716312
RT_STRING	0x2e22c	0x68	data			0.6538461538461539
RT_STRING	0x2e294	0xd4	data			0.5283018867924528
RT_STRING	0x2e368	0xa4	data			0.6524390243902439
RT_STRING	0x2e40c	0x2ac	data			0.45614035087719296
RT_STRING	0x2e6b8	0x34c	data			0.4218009478672986
RT_STRING	0x2ea04	0x294	data			0.4106060606060606
RT_RCDATA	0x2ec98	0x82e8	data	English	United States	0.11261637622344235
RT_RCDATA	0x36f80	0x10	data			1.5
RT_RCDATA	0x36f90	0x150	data			0.8392857142857143
RT_RCDATA	0x370e0	0x2c	data			1.2045454545454546
RT_GROUP_ICON	0x3710c	0x76	data	English	United States	0.6694915254237288
RT_VERSION	0x37184	0x4f4	data	English	United States	0.2894321766561514
RT_MANIFEST	0x37678	0x62c	XML 1.0 document, ASCII text, with CRLF line terminators	English	United States	0.4240506329113924

Imports

DLL	Import
oleaut32.dll	SysFreeString, SysReAllocStringLen, SysAllocStringLen
advapi32.dll	RegQueryValueExW, RegOpenKeyExW, RegCloseKey
user32.dll	GetKeyboardType, LoadStringW, MessageBoxA, CharNextW
kernel32.dll	GetACP, Sleep, VirtualFree, VirtualAlloc, GetSystemInfo, GetTickCount, QueryPerformanceCounter, GetVersion, GetCurrentThreadId, VirtualQuery, WideCharToMultiByte, MultiByteToWideChar, lstrlenW, lstrcpynW, LoadLibraryExW, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleW, GetModuleFileNameW, GetLocaleInfoW, GetCommandLineW, FreeLibrary, FindFirstFileW, FindClose, ExitProcess, WriteFile, UnhandledExceptionFilter, RtlUnwind, RaiseException, GetStdHandle, CloseHandle
kernel32.dll	TlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleW
user32.dll	CreateWindowExW, TranslateMessage, SetWindowLongW, PeekMessageW, MsgWaitForMultipleObjects, MessageBoxW, LoadStringW, GetSystemMetrics, ExitWindowsEx, DispatchMessageW, DestroyWindow, CharUpperBuffW, CallWindowProcW
kernel32.dll	WriteFile, WideCharToMultiByte, WaitForSingleObject, VirtualQuery, VirtualProtect, VirtualFree, VirtualAlloc, SizeofResource, SignalObjectAndWait, SetLastError, SetFilePointer, SetEvent, SetErrorMode, SetEndOfFile, ResetEvent, RemoveDirectoryW, ReadFile, MultiByteToWideChar, LockResource, LoadResource, LoadLibraryW, GetWindowsDirectoryW, GetVersionExW, GetVersion, GetUserDefaultLangID, GetThreadLocale, GetSystemInfo, GetSystemDirectoryW, GetStdHandle, GetProcAddress, GetModuleHandleW, GetModuleFileNameW, GetLocaleInfoW, GetLastError, GetFullPathNameW, GetFileSize, GetFileAttributesW, GetExitCodeProcess, GetEnvironmentVariableW, GetDiskFreeSpaceW, GetCurrentProcess, GetCommandLineW, GetCPInfo, InterlockedExchange, InterlockedCompareExchange, FreeLibrary, FormatMessageW, FindResourceW, EnumCalendarInfoW, DeleteFileW, CreateProcessW, CreateFileW, CreateEventW, CreateDirectoryW, CloseHandle
advapi32.dll	RegQueryValueExW, RegOpenKeyExW, RegCloseKey, OpenProcessToken, LookupPrivilegeValueW
comctl32.dll	InitCommonControls
kernel32.dll	Sleep
advapi32.dll	AdjustTokenPrivileges

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
07/11/24-19:39:38.782654	TCP	2025537	ET MALWARE Lavasoft PUA/Adware Client Install	49740	80	192.168.2.4	104.16.148.130
07/11/24-19:39:44.565238	TCP	2849740	ETPRO MALWARE Suspicious Domain (flow .lavasoft .com) in TLS SNI	49751	443	192.168.2.4	104.16.148.130
07/11/24-19:39:40.960268	TCP	2849741	ETPRO MALWARE Suspicious Domain (sos .adaware .com) in TLS SNI	49745	443	192.168.2.4	104.16.212.94
07/11/24-19:39:42.215264	TCP	2849740	ETPRO MALWARE Suspicious Domain (flow .lavasoft .com) in TLS SNI	49747	443	192.168.2.4	104.16.148.130
07/11/24-19:39:43.806977	TCP	2849740	ETPRO MALWARE Suspicious Domain (flow .lavasoft .com) in TLS SNI	49749	443	192.168.2.4	104.16.148.130
07/11/24-19:39:42.987417	TCP	2849740	ETPRO MALWARE Suspicious Domain (flow .lavasoft .com) in TLS SNI	49748	443	192.168.2.4	104.16.148.130
07/11/24-19:39:39.840011	TCP	2849740	ETPRO MALWARE Suspicious Domain (flow .lavasoft .com) in TLS SNI	49742	443	192.168.2.4	104.16.148.130

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jul 11, 2024 19:38:57.627423048 CEST	49675	443	192.168.2.4	173.222.162.32
Jul 11, 2024 19:39:07.236937046 CEST	49675	443	192.168.2.4	173.222.162.32
Jul 11, 2024 19:39:21.498996973 CEST	49734	443	192.168.2.4	40.68.123.157
Jul 11, 2024 19:39:21.499051094 CEST	443	49734	40.68.123.157	192.168.2.4
Jul 11, 2024 19:39:21.499161959 CEST	49734	443	192.168.2.4	40.68.123.157
Jul 11, 2024 19:39:21.500647068 CEST	49734	443	192.168.2.4	40.68.123.157
Jul 11, 2024 19:39:21.500660896 CEST	443	49734	40.68.123.157	192.168.2.4
Jul 11, 2024 19:39:22.333309889 CEST	443	49734	40.68.123.157	192.168.2.4
Jul 11, 2024 19:39:22.333400011 CEST	49734	443	192.168.2.4	40.68.123.157
Jul 11, 2024 19:39:22.380147934 CEST	49734	443	192.168.2.4	40.68.123.157
Jul 11, 2024 19:39:22.380177975 CEST	443	49734	40.68.123.157	192.168.2.4
Jul 11, 2024 19:39:22.381205082 CEST	443	49734	40.68.123.157	192.168.2.4
Jul 11, 2024 19:39:22.424295902 CEST	49734	443	192.168.2.4	40.68.123.157
Jul 11, 2024 19:39:23.467469931 CEST	49734	443	192.168.2.4	40.68.123.157
Jul 11, 2024 19:39:23.477771044 CEST	49723	80	192.168.2.4	2.16.164.18
Jul 11, 2024 19:39:23.484714985 CEST	80	49723	2.16.164.18	192.168.2.4
Jul 11, 2024 19:39:23.484816074 CEST	49723	80	192.168.2.4	2.16.164.18
Jul 11, 2024 19:39:23.508516073 CEST	443	49734	40.68.123.157	192.168.2.4
Jul 11, 2024 19:39:23.731410027 CEST	443	49734	40.68.123.157	192.168.2.4
Jul 11, 2024 19:39:23.731479883 CEST	443	49734	40.68.123.157	192.168.2.4
Jul 11, 2024 19:39:23.731501102 CEST	443	49734	40.68.123.157	192.168.2.4
Jul 11, 2024 19:39:23.731606960 CEST	49734	443	192.168.2.4	40.68.123.157
Jul 11, 2024 19:39:23.731646061 CEST	443	49734	40.68.123.157	192.168.2.4
Jul 11, 2024 19:39:23.731710911 CEST	443	49734	40.68.123.157	192.168.2.4
Jul 11, 2024 19:39:23.731723070 CEST	443	49734	40.68.123.157	192.168.2.4
Jul 11, 2024 19:39:23.731729984 CEST	49734	443	192.168.2.4	40.68.123.157
Jul 11, 2024 19:39:23.731762886 CEST	49734	443	192.168.2.4	40.68.123.157
Jul 11, 2024 19:39:23.732286930 CEST	443	49734	40.68.123.157	192.168.2.4
Jul 11, 2024 19:39:23.732358932 CEST	49734	443	192.168.2.4	40.68.123.157
Jul 11, 2024 19:39:23.732366085 CEST	443	49734	40.68.123.157	192.168.2.4
Jul 11, 2024 19:39:23.732610941 CEST	443	49734	40.68.123.157	192.168.2.4
Jul 11, 2024 19:39:23.732672930 CEST	49734	443	192.168.2.4	40.68.123.157
Jul 11, 2024 19:39:24.418476105 CEST	49734	443	192.168.2.4	40.68.123.157
Jul 11, 2024 19:39:24.418524027 CEST	443	49734	40.68.123.157	192.168.2.4
Jul 11, 2024 19:39:24.418531895 CEST	49734	443	192.168.2.4	40.68.123.157
Jul 11, 2024 19:39:24.418539047 CEST	443	49734	40.68.123.157	192.168.2.4
Jul 11, 2024 19:39:35.545680046 CEST	80	49724	217.20.57.40	192.168.2.4
Jul 11, 2024 19:39:35.545783043 CEST	49724	80	192.168.2.4	217.20.57.40
Jul 11, 2024 19:39:35.545783043 CEST	49724	80	192.168.2.4	217.20.57.40
Jul 11, 2024 19:39:35.551667929 CEST	80	49724	217.20.57.40	192.168.2.4
Jul 11, 2024 19:39:38.776182890 CEST	49740	80	192.168.2.4	104.16.148.130
Jul 11, 2024 19:39:38.781280994 CEST	80	49740	104.16.148.130	192.168.2.4
Jul 11, 2024 19:39:38.781361103 CEST	49740	80	192.168.2.4	104.16.148.130
Jul 11, 2024 19:39:38.782654047 CEST	49740	80	192.168.2.4	104.16.148.130
Jul 11, 2024 19:39:38.787638903 CEST	80	49740	104.16.148.130	192.168.2.4
Jul 11, 2024 19:39:39.291387081 CEST	80	49740	104.16.148.130	192.168.2.4
Jul 11, 2024 19:39:39.291687965 CEST	49740	80	192.168.2.4	104.16.148.130
Jul 11, 2024 19:39:39.297117949 CEST	80	49740	104.16.148.130	192.168.2.4
Jul 11, 2024 19:39:39.297174931 CEST	49740	80	192.168.2.4	104.16.148.130
Jul 11, 2024 19:39:39.315550089 CEST	49741	80	192.168.2.4	104.16.148.130
Jul 11, 2024 19:39:39.320755005 CEST	80	49741	104.16.148.130	192.168.2.4
Jul 11, 2024 19:39:39.320857048 CEST	49741	80	192.168.2.4	104.16.148.130
Jul 11, 2024 19:39:39.321070910 CEST	49741	80	192.168.2.4	104.16.148.130
Jul 11, 2024 19:39:39.326240063 CEST	80	49741	104.16.148.130	192.168.2.4
Jul 11, 2024 19:39:39.652308941 CEST	49742	443	192.168.2.4	104.16.148.130
Jul 11, 2024 19:39:39.652370930 CEST	443	49742	104.16.148.130	192.168.2.4
Jul 11, 2024 19:39:39.653922081 CEST	49742	443	192.168.2.4	104.16.148.130
Jul 11, 2024 19:39:39.825376987 CEST	80	49741	104.16.148.130	192.168.2.4
Jul 11, 2024 19:39:39.825627089 CEST	49741	80	192.168.2.4	104.16.148.130
Jul 11, 2024 19:39:39.832931995 CEST	80	49741	104.16.148.130	192.168.2.4
Jul 11, 2024 19:39:39.832998037 CEST	49741	80	192.168.2.4	104.16.148.130
Jul 11, 2024 19:39:39.840010881 CEST	49742	443	192.168.2.4	104.16.148.130
Jul 11, 2024 19:39:39.840097904 CEST	443	49742	104.16.148.130	192.168.2.4
Jul 11, 2024 19:39:40.416667938 CEST	443	49742	104.16.148.130	192.168.2.4
Jul 11, 2024 19:39:40.416866064 CEST	49742	443	192.168.2.4	104.16.148.130
Jul 11, 2024 19:39:40.459764957 CEST	49742	443	192.168.2.4	104.16.148.130
Jul 11, 2024 19:39:40.459853888 CEST	443	49742	104.16.148.130	192.168.2.4
Jul 11, 2024 19:39:40.460980892 CEST	443	49742	104.16.148.130	192.168.2.4
Jul 11, 2024 19:39:40.580609083 CEST	49742	443	192.168.2.4	104.16.148.130
Jul 11, 2024 19:39:40.591209888 CEST	49742	443	192.168.2.4	104.16.148.130
Jul 11, 2024 19:39:40.632497072 CEST	443	49742	104.16.148.130	192.168.2.4
Jul 11, 2024 19:39:40.632594109 CEST	49742	443	192.168.2.4	104.16.148.130
Jul 11, 2024 19:39:40.632654905 CEST	443	49742	104.16.148.130	192.168.2.4
Jul 11, 2024 19:39:40.782104015 CEST	443	49742	104.16.148.130	192.168.2.4
Jul 11, 2024 19:39:40.782363892 CEST	443	49742	104.16.148.130	192.168.2.4
Jul 11, 2024 19:39:40.785166025 CEST	49742	443	192.168.2.4	104.16.148.130
Jul 11, 2024 19:39:40.818389893 CEST	49742	443	192.168.2.4	104.16.148.130
Jul 11, 2024 19:39:40.958964109 CEST	49745	443	192.168.2.4	104.16.212.94
Jul 11, 2024 19:39:40.959011078 CEST	443	49745	104.16.212.94	192.168.2.4
Jul 11, 2024 19:39:40.959065914 CEST	49745	443	192.168.2.4	104.16.212.94
Jul 11, 2024 19:39:40.960268021 CEST	49745	443	192.168.2.4	104.16.212.94
Jul 11, 2024 19:39:40.960283995 CEST	443	49745	104.16.212.94	192.168.2.4
Jul 11, 2024 19:39:41.465267897 CEST	443	49745	104.16.212.94	192.168.2.4
Jul 11, 2024 19:39:41.465336084 CEST	49745	443	192.168.2.4	104.16.212.94
Jul 11, 2024 19:39:41.468089104 CEST	49745	443	192.168.2.4	104.16.212.94
Jul 11, 2024 19:39:41.468111992 CEST	443	49745	104.16.212.94	192.168.2.4
Jul 11, 2024 19:39:41.468610048 CEST	443	49745	104.16.212.94	192.168.2.4
Jul 11, 2024 19:39:41.469999075 CEST	49745	443	192.168.2.4	104.16.212.94
Jul 11, 2024 19:39:41.516498089 CEST	443	49745	104.16.212.94	192.168.2.4
Jul 11, 2024 19:39:41.516545057 CEST	49745	443	192.168.2.4	104.16.212.94
Jul 11, 2024 19:39:41.516551971 CEST	443	49745	104.16.212.94	192.168.2.4
Jul 11, 2024 19:39:42.199179888 CEST	443	49745	104.16.212.94	192.168.2.4
Jul 11, 2024 19:39:42.199258089 CEST	443	49745	104.16.212.94	192.168.2.4
Jul 11, 2024 19:39:42.199398994 CEST	49745	443	192.168.2.4	104.16.212.94
Jul 11, 2024 19:39:42.199770927 CEST	49745	443	192.168.2.4	104.16.212.94
Jul 11, 2024 19:39:42.210907936 CEST	49747	443	192.168.2.4	104.16.148.130
Jul 11, 2024 19:39:42.210939884 CEST	443	49747	104.16.148.130	192.168.2.4
Jul 11, 2024 19:39:42.211011887 CEST	49747	443	192.168.2.4	104.16.148.130
Jul 11, 2024 19:39:42.215264082 CEST	49747	443	192.168.2.4	104.16.148.130
Jul 11, 2024 19:39:42.215277910 CEST	443	49747	104.16.148.130	192.168.2.4
Jul 11, 2024 19:39:42.778376102 CEST	443	49747	104.16.148.130	192.168.2.4
Jul 11, 2024 19:39:42.779866934 CEST	49747	443	192.168.2.4	104.16.148.130
Jul 11, 2024 19:39:42.779886961 CEST	443	49747	104.16.148.130	192.168.2.4
Jul 11, 2024 19:39:42.780016899 CEST	49747	443	192.168.2.4	104.16.148.130
Jul 11, 2024 19:39:42.780025005 CEST	443	49747	104.16.148.130	192.168.2.4
Jul 11, 2024 19:39:42.952785015 CEST	443	49747	104.16.148.130	192.168.2.4
Jul 11, 2024 19:39:42.953085899 CEST	443	49747	104.16.148.130	192.168.2.4
Jul 11, 2024 19:39:42.957099915 CEST	49747	443	192.168.2.4	104.16.148.130
Jul 11, 2024 19:39:42.958796978 CEST	49747	443	192.168.2.4	104.16.148.130
Jul 11, 2024 19:39:42.964807987 CEST	49748	443	192.168.2.4	104.16.148.130
Jul 11, 2024 19:39:42.964859962 CEST	443	49748	104.16.148.130	192.168.2.4
Jul 11, 2024 19:39:42.964973927 CEST	49748	443	192.168.2.4	104.16.148.130
Jul 11, 2024 19:39:42.987416983 CEST	49748	443	192.168.2.4	104.16.148.130
Jul 11, 2024 19:39:42.987446070 CEST	443	49748	104.16.148.130	192.168.2.4
Jul 11, 2024 19:39:43.590190887 CEST	443	49748	104.16.148.130	192.168.2.4
Jul 11, 2024 19:39:43.591638088 CEST	49748	443	192.168.2.4	104.16.148.130
Jul 11, 2024 19:39:43.591694117 CEST	443	49748	104.16.148.130	192.168.2.4
Jul 11, 2024 19:39:43.591895103 CEST	49748	443	192.168.2.4	104.16.148.130
Jul 11, 2024 19:39:43.591906071 CEST	443	49748	104.16.148.130	192.168.2.4
Jul 11, 2024 19:39:43.779496908 CEST	443	49748	104.16.148.130	192.168.2.4
Jul 11, 2024 19:39:43.779709101 CEST	443	49748	104.16.148.130	192.168.2.4
Jul 11, 2024 19:39:43.779768944 CEST	49748	443	192.168.2.4	104.16.148.130
Jul 11, 2024 19:39:43.780155897 CEST	49748	443	192.168.2.4	104.16.148.130
Jul 11, 2024 19:39:43.800900936 CEST	49749	443	192.168.2.4	104.16.148.130
Jul 11, 2024 19:39:43.800950050 CEST	443	49749	104.16.148.130	192.168.2.4
Jul 11, 2024 19:39:43.801103115 CEST	49749	443	192.168.2.4	104.16.148.130
Jul 11, 2024 19:39:43.806977034 CEST	49749	443	192.168.2.4	104.16.148.130
Jul 11, 2024 19:39:43.806998014 CEST	443	49749	104.16.148.130	192.168.2.4
Jul 11, 2024 19:39:44.234287977 CEST	49750	443	192.168.2.4	184.28.90.27
Jul 11, 2024 19:39:44.234338999 CEST	443	49750	184.28.90.27	192.168.2.4
Jul 11, 2024 19:39:44.234464884 CEST	49750	443	192.168.2.4	184.28.90.27
Jul 11, 2024 19:39:44.235394955 CEST	49750	443	192.168.2.4	184.28.90.27
Jul 11, 2024 19:39:44.235410929 CEST	443	49750	184.28.90.27	192.168.2.4
Jul 11, 2024 19:39:44.374768972 CEST	443	49749	104.16.148.130	192.168.2.4
Jul 11, 2024 19:39:44.375823021 CEST	49749	443	192.168.2.4	104.16.148.130
Jul 11, 2024 19:39:44.375852108 CEST	443	49749	104.16.148.130	192.168.2.4
Jul 11, 2024 19:39:44.375900030 CEST	49749	443	192.168.2.4	104.16.148.130
Jul 11, 2024 19:39:44.375906944 CEST	443	49749	104.16.148.130	192.168.2.4
Jul 11, 2024 19:39:44.559931993 CEST	443	49749	104.16.148.130	192.168.2.4
Jul 11, 2024 19:39:44.560200930 CEST	443	49749	104.16.148.130	192.168.2.4
Jul 11, 2024 19:39:44.560321093 CEST	49749	443	192.168.2.4	104.16.148.130
Jul 11, 2024 19:39:44.560579062 CEST	49749	443	192.168.2.4	104.16.148.130
Jul 11, 2024 19:39:44.561898947 CEST	49751	443	192.168.2.4	104.16.148.130
Jul 11, 2024 19:39:44.561948061 CEST	443	49751	104.16.148.130	192.168.2.4
Jul 11, 2024 19:39:44.562021017 CEST	49751	443	192.168.2.4	104.16.148.130
Jul 11, 2024 19:39:44.565237999 CEST	49751	443	192.168.2.4	104.16.148.130
Jul 11, 2024 19:39:44.565257072 CEST	443	49751	104.16.148.130	192.168.2.4
Jul 11, 2024 19:39:44.873419046 CEST	443	49750	184.28.90.27	192.168.2.4
Jul 11, 2024 19:39:44.873583078 CEST	49750	443	192.168.2.4	184.28.90.27
Jul 11, 2024 19:39:44.874983072 CEST	49750	443	192.168.2.4	184.28.90.27
Jul 11, 2024 19:39:44.874993086 CEST	443	49750	184.28.90.27	192.168.2.4
Jul 11, 2024 19:39:44.875273943 CEST	443	49750	184.28.90.27	192.168.2.4
Jul 11, 2024 19:39:44.921134949 CEST	49750	443	192.168.2.4	184.28.90.27
Jul 11, 2024 19:39:44.964510918 CEST	443	49750	184.28.90.27	192.168.2.4
Jul 11, 2024 19:39:45.023341894 CEST	443	49751	104.16.148.130	192.168.2.4
Jul 11, 2024 19:39:45.024437904 CEST	49751	443	192.168.2.4	104.16.148.130
Jul 11, 2024 19:39:45.024466991 CEST	443	49751	104.16.148.130	192.168.2.4
Jul 11, 2024 19:39:45.024516106 CEST	49751	443	192.168.2.4	104.16.148.130
Jul 11, 2024 19:39:45.024525881 CEST	443	49751	104.16.148.130	192.168.2.4
Jul 11, 2024 19:39:45.145019054 CEST	443	49750	184.28.90.27	192.168.2.4
Jul 11, 2024 19:39:45.145081043 CEST	443	49750	184.28.90.27	192.168.2.4
Jul 11, 2024 19:39:45.145127058 CEST	49750	443	192.168.2.4	184.28.90.27
Jul 11, 2024 19:39:45.145447016 CEST	49750	443	192.168.2.4	184.28.90.27
Jul 11, 2024 19:39:45.145462036 CEST	443	49750	184.28.90.27	192.168.2.4
Jul 11, 2024 19:39:45.145472050 CEST	49750	443	192.168.2.4	184.28.90.27
Jul 11, 2024 19:39:45.145477057 CEST	443	49750	184.28.90.27	192.168.2.4
Jul 11, 2024 19:39:45.163280010 CEST	443	49751	104.16.148.130	192.168.2.4
Jul 11, 2024 19:39:45.163528919 CEST	443	49751	104.16.148.130	192.168.2.4
Jul 11, 2024 19:39:45.163614035 CEST	49751	443	192.168.2.4	104.16.148.130
Jul 11, 2024 19:39:45.163860083 CEST	49751	443	192.168.2.4	104.16.148.130
Jul 11, 2024 19:39:45.179888964 CEST	49752	443	192.168.2.4	184.28.90.27
Jul 11, 2024 19:39:45.179989100 CEST	443	49752	184.28.90.27	192.168.2.4
Jul 11, 2024 19:39:45.180131912 CEST	49752	443	192.168.2.4	184.28.90.27
Jul 11, 2024 19:39:45.180699110 CEST	49752	443	192.168.2.4	184.28.90.27
Jul 11, 2024 19:39:45.180738926 CEST	443	49752	184.28.90.27	192.168.2.4
Jul 11, 2024 19:39:46.221420050 CEST	49732	80	192.168.2.4	104.18.38.233
Jul 11, 2024 19:39:46.221472025 CEST	49733	80	192.168.2.4	104.18.38.233
Jul 11, 2024 19:39:46.221529961 CEST	49730	80	192.168.2.4	104.18.38.233
Jul 11, 2024 19:39:46.221570015 CEST	49731	80	192.168.2.4	172.64.149.23
Jul 11, 2024 19:39:46.533751965 CEST	49732	80	192.168.2.4	104.18.38.233
Jul 11, 2024 19:39:46.533752918 CEST	49730	80	192.168.2.4	104.18.38.233
Jul 11, 2024 19:39:46.533760071 CEST	49731	80	192.168.2.4	172.64.149.23
Jul 11, 2024 19:39:46.740111113 CEST	80	49731	172.64.149.23	192.168.2.4
Jul 11, 2024 19:39:46.740178108 CEST	80	49732	104.18.38.233	192.168.2.4
Jul 11, 2024 19:39:46.740207911 CEST	80	49730	104.18.38.233	192.168.2.4
Jul 11, 2024 19:39:46.742089033 CEST	80	49732	104.18.38.233	192.168.2.4
Jul 11, 2024 19:39:46.742120981 CEST	80	49733	104.18.38.233	192.168.2.4
Jul 11, 2024 19:39:46.742150068 CEST	80	49730	104.18.38.233	192.168.2.4
Jul 11, 2024 19:39:46.742181063 CEST	80	49731	172.64.149.23	192.168.2.4
Jul 11, 2024 19:39:46.742188931 CEST	49733	80	192.168.2.4	104.18.38.233
Jul 11, 2024 19:39:46.742244959 CEST	49731	80	192.168.2.4	172.64.149.23
Jul 11, 2024 19:39:46.742281914 CEST	49732	80	192.168.2.4	104.18.38.233
Jul 11, 2024 19:39:46.742281914 CEST	49730	80	192.168.2.4	104.18.38.233
Jul 11, 2024 19:39:46.742419004 CEST	443	49752	184.28.90.27	192.168.2.4
Jul 11, 2024 19:39:46.742511034 CEST	49752	443	192.168.2.4	184.28.90.27
Jul 11, 2024 19:39:46.743681908 CEST	49752	443	192.168.2.4	184.28.90.27
Jul 11, 2024 19:39:46.743710995 CEST	443	49752	184.28.90.27	192.168.2.4
Jul 11, 2024 19:39:46.744246006 CEST	443	49752	184.28.90.27	192.168.2.4
Jul 11, 2024 19:39:46.745330095 CEST	49752	443	192.168.2.4	184.28.90.27
Jul 11, 2024 19:39:46.788516998 CEST	443	49752	184.28.90.27	192.168.2.4
Jul 11, 2024 19:39:47.022999048 CEST	443	49752	184.28.90.27	192.168.2.4
Jul 11, 2024 19:39:47.023155928 CEST	443	49752	184.28.90.27	192.168.2.4
Jul 11, 2024 19:39:47.023350000 CEST	49752	443	192.168.2.4	184.28.90.27
Jul 11, 2024 19:39:47.023880959 CEST	49752	443	192.168.2.4	184.28.90.27
Jul 11, 2024 19:39:47.023933887 CEST	443	49752	184.28.90.27	192.168.2.4
Jul 11, 2024 19:39:47.023974895 CEST	49752	443	192.168.2.4	184.28.90.27
Jul 11, 2024 19:39:47.023992062 CEST	443	49752	184.28.90.27	192.168.2.4
Jul 11, 2024 19:39:49.183865070 CEST	49672	443	192.168.2.4	173.222.162.32
Jul 11, 2024 19:39:49.184943914 CEST	49753	443	192.168.2.4	173.222.162.32
Jul 11, 2024 19:39:49.185004950 CEST	443	49753	173.222.162.32	192.168.2.4
Jul 11, 2024 19:39:49.185089111 CEST	49753	443	192.168.2.4	173.222.162.32
Jul 11, 2024 19:39:49.197247028 CEST	49753	443	192.168.2.4	173.222.162.32
Jul 11, 2024 19:39:49.197282076 CEST	443	49753	173.222.162.32	192.168.2.4
Jul 11, 2024 19:39:49.487015009 CEST	49672	443	192.168.2.4	173.222.162.32
Jul 11, 2024 19:39:49.876533985 CEST	443	49753	173.222.162.32	192.168.2.4
Jul 11, 2024 19:39:49.876606941 CEST	49753	443	192.168.2.4	173.222.162.32
Jul 11, 2024 19:39:50.096245050 CEST	49672	443	192.168.2.4	173.222.162.32
Jul 11, 2024 19:39:51.299369097 CEST	49672	443	192.168.2.4	173.222.162.32
Jul 11, 2024 19:39:52.888081074 CEST	49754	80	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:52.893111944 CEST	80	49754	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:52.895133972 CEST	49754	80	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:52.895369053 CEST	49754	80	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:52.900229931 CEST	80	49754	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:53.494949102 CEST	80	49754	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:53.495035887 CEST	49754	80	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:53.498816013 CEST	49755	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:53.498867989 CEST	443	49755	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:53.498944998 CEST	49755	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:53.552088976 CEST	49755	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:53.552155018 CEST	443	49755	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:53.705631971 CEST	49672	443	192.168.2.4	173.222.162.32
Jul 11, 2024 19:39:54.165906906 CEST	443	49755	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:54.165993929 CEST	49755	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:54.438488960 CEST	49755	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:54.438550949 CEST	443	49755	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:54.438961029 CEST	443	49755	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:54.439039946 CEST	49755	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:54.453877926 CEST	49755	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:54.500507116 CEST	443	49755	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:54.617554903 CEST	49759	80	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:54.618371964 CEST	49760	80	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:54.622360945 CEST	443	49755	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:54.622410059 CEST	49755	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:54.622463942 CEST	443	49755	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:54.622503996 CEST	49755	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:54.622517109 CEST	443	49755	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:54.622560978 CEST	49755	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:54.622600079 CEST	443	49755	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:54.622643948 CEST	49755	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:54.624605894 CEST	49755	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:54.624624014 CEST	443	49755	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:54.644609928 CEST	80	49759	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:54.644653082 CEST	80	49760	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:54.644680977 CEST	49759	80	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:54.644718885 CEST	49760	80	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:54.649427891 CEST	49760	80	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:54.658729076 CEST	80	49760	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:55.260967016 CEST	80	49760	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:55.303589106 CEST	49760	80	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:55.496763945 CEST	80	49754	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:55.497283936 CEST	49754	80	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:55.771583080 CEST	49761	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:55.771632910 CEST	443	49761	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:55.771806002 CEST	49761	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:55.773016930 CEST	49761	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:55.773032904 CEST	443	49761	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:56.401325941 CEST	443	49761	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:56.401566029 CEST	49761	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:56.401585102 CEST	443	49761	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:56.403076887 CEST	443	49761	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:56.403135061 CEST	49761	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:56.404097080 CEST	49761	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:56.404211044 CEST	443	49761	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:56.404257059 CEST	49761	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:56.404262066 CEST	443	49761	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:56.450974941 CEST	49761	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:56.653264046 CEST	443	49761	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:56.653291941 CEST	443	49761	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:56.653301954 CEST	443	49761	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:56.653337955 CEST	49761	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:56.653353930 CEST	443	49761	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:56.653389931 CEST	49761	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:56.653477907 CEST	443	49761	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:56.653522015 CEST	49761	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:56.653527021 CEST	443	49761	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:56.653548002 CEST	443	49761	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:56.653584957 CEST	49761	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:56.662074089 CEST	49761	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:56.662092924 CEST	443	49761	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:56.703291893 CEST	49762	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:56.703325987 CEST	443	49762	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:56.703382969 CEST	49762	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:56.703896046 CEST	49762	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:56.703908920 CEST	443	49762	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:56.707423925 CEST	49763	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:56.707454920 CEST	443	49763	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:56.707501888 CEST	49763	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:56.707684994 CEST	49763	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:56.707698107 CEST	443	49763	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:56.708069086 CEST	49764	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:56.708077908 CEST	443	49764	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:56.708131075 CEST	49764	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:56.708297968 CEST	49764	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:56.708308935 CEST	443	49764	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:57.264369011 CEST	80	49760	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:57.264544010 CEST	49760	80	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:57.291805983 CEST	443	49762	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:57.301800013 CEST	443	49764	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:57.302509069 CEST	443	49763	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:57.305588007 CEST	49762	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:57.305608988 CEST	443	49762	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:57.306097031 CEST	49763	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:57.306111097 CEST	443	49763	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:57.306143045 CEST	443	49762	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:57.306322098 CEST	49764	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:57.306330919 CEST	443	49764	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:57.306576967 CEST	49762	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:57.306622982 CEST	443	49763	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:57.306663990 CEST	443	49762	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:57.306715012 CEST	49762	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:57.306917906 CEST	49763	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:57.307002068 CEST	443	49763	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:57.307065010 CEST	49763	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:57.307754040 CEST	443	49764	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:57.307811975 CEST	49764	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:57.308094978 CEST	49764	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:57.308176994 CEST	443	49764	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:57.308178902 CEST	49764	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:57.348520994 CEST	443	49762	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:57.350518942 CEST	49762	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:57.350519896 CEST	49763	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:57.350518942 CEST	49764	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:57.350534916 CEST	443	49763	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:57.350542068 CEST	443	49764	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:57.396092892 CEST	49764	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:57.519263983 CEST	443	49762	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:57.519294024 CEST	443	49762	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:57.519303083 CEST	443	49762	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:57.519355059 CEST	49762	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:57.519368887 CEST	443	49762	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:57.519375086 CEST	443	49762	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:57.519404888 CEST	49762	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:57.557259083 CEST	443	49764	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:57.557313919 CEST	443	49763	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:57.557375908 CEST	443	49763	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:57.557440042 CEST	443	49764	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:57.557465076 CEST	49763	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:57.557478905 CEST	443	49763	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:57.557512999 CEST	49764	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:57.557533026 CEST	49763	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:57.557539940 CEST	443	49763	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:57.557588100 CEST	49763	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:57.560019016 CEST	49764	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:57.560030937 CEST	443	49764	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:57.560973883 CEST	49763	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:57.560991049 CEST	443	49763	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:57.564373016 CEST	49760	80	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:57.564594984 CEST	49767	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:57.564608097 CEST	443	49767	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:57.564707041 CEST	49767	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:57.564883947 CEST	49768	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:57.564889908 CEST	443	49768	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:57.565047979 CEST	49767	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:57.565058947 CEST	443	49767	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:57.565073013 CEST	49768	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:57.565372944 CEST	49768	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:57.565382957 CEST	443	49768	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:57.565516949 CEST	49762	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:57.638355970 CEST	80	49760	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:57.638617039 CEST	443	49762	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:57.638628960 CEST	443	49762	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:57.638681889 CEST	49762	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:57.638705969 CEST	443	49762	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:57.638760090 CEST	49762	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:57.638767004 CEST	49762	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:57.643785954 CEST	443	49762	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:57.643795967 CEST	443	49762	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:57.643835068 CEST	443	49762	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:57.643842936 CEST	49762	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:57.643843889 CEST	443	49762	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:57.643877983 CEST	443	49762	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:57.643887997 CEST	49762	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:57.643925905 CEST	49762	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:57.651686907 CEST	443	49762	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:57.651765108 CEST	49762	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:57.723489046 CEST	443	49762	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:57.723555088 CEST	49762	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:57.725142956 CEST	443	49762	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:57.725213051 CEST	49762	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:57.725682020 CEST	443	49762	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:57.725737095 CEST	49762	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:57.727200031 CEST	443	49762	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:57.727281094 CEST	49762	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:57.728292942 CEST	443	49762	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:57.728364944 CEST	49762	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:57.729468107 CEST	443	49762	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:57.729530096 CEST	49762	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:57.810904026 CEST	443	49762	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:57.810986996 CEST	49762	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:57.811567068 CEST	443	49762	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:57.811631918 CEST	49762	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:57.811928988 CEST	443	49762	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:57.811992884 CEST	49762	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:57.812602043 CEST	443	49762	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:57.812664032 CEST	49762	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:57.816504002 CEST	443	49762	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:57.816574097 CEST	49762	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:57.816780090 CEST	443	49762	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:57.816839933 CEST	49762	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:57.817563057 CEST	443	49762	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:57.817626953 CEST	49762	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:57.818341970 CEST	443	49762	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:57.818392992 CEST	443	49762	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:57.818417072 CEST	49762	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:57.818422079 CEST	443	49762	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:57.818456888 CEST	49762	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:57.818468094 CEST	49762	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:57.818471909 CEST	443	49762	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:57.818505049 CEST	443	49762	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:57.818557978 CEST	49762	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:57.931965113 CEST	49762	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:57.931984901 CEST	443	49762	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:58.112112999 CEST	49769	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:58.112148046 CEST	443	49769	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:58.112210989 CEST	49769	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:58.112582922 CEST	49770	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:58.112591028 CEST	443	49770	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:58.112637043 CEST	49770	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:58.113073111 CEST	49771	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:58.113100052 CEST	443	49771	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:58.113147020 CEST	49771	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:58.114455938 CEST	49772	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:58.114464045 CEST	443	49772	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:58.114512920 CEST	49772	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:58.185801983 CEST	49772	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:58.185822010 CEST	443	49772	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:58.185946941 CEST	49771	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:58.185971022 CEST	443	49771	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:58.186065912 CEST	49770	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:58.186079025 CEST	443	49770	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:58.186193943 CEST	49769	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:58.186204910 CEST	443	49769	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:58.186387062 CEST	49774	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:58.186404943 CEST	443	49774	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:58.186459064 CEST	49774	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:58.186501980 CEST	49775	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:58.186516047 CEST	443	49775	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:58.186558962 CEST	49775	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:58.187783957 CEST	49774	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:58.187792063 CEST	443	49774	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:58.187915087 CEST	49775	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:58.187923908 CEST	443	49775	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:58.251424074 CEST	443	49767	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:58.251836061 CEST	49767	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:58.251851082 CEST	443	49767	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:58.251933098 CEST	443	49768	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:58.252312899 CEST	443	49767	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:58.253204107 CEST	49768	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:58.253211975 CEST	443	49768	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:58.253540039 CEST	49767	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:58.253652096 CEST	443	49767	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:58.253675938 CEST	49767	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:58.253705978 CEST	443	49768	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:58.254029036 CEST	49768	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:58.254106998 CEST	443	49768	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:58.254117012 CEST	49768	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:58.296510935 CEST	443	49767	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:58.298592091 CEST	49767	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:58.298801899 CEST	49768	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:58.298811913 CEST	443	49768	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:58.470144987 CEST	49778	80	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:58.475080013 CEST	80	49778	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:58.475156069 CEST	49778	80	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:58.479358912 CEST	49759	80	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:58.483983040 CEST	443	49768	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:58.484009027 CEST	443	49768	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:58.484023094 CEST	443	49767	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:58.484050989 CEST	49768	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:58.484055996 CEST	443	49767	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:58.484064102 CEST	443	49768	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:58.484066010 CEST	443	49767	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:58.484085083 CEST	443	49768	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:58.484118938 CEST	49767	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:58.484126091 CEST	443	49767	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:58.484148979 CEST	49768	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:58.484222889 CEST	80	49759	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:58.495697021 CEST	49768	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:58.495713949 CEST	443	49768	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:58.503317118 CEST	49779	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:58.503375053 CEST	443	49779	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:58.503444910 CEST	49779	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:58.503696918 CEST	49779	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:58.503710032 CEST	443	49779	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:58.513927937 CEST	49672	443	192.168.2.4	173.222.162.32
Jul 11, 2024 19:39:58.531125069 CEST	49767	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:58.567846060 CEST	443	49767	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:58.567872047 CEST	443	49767	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:58.567918062 CEST	49767	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:58.567965984 CEST	49767	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:58.569686890 CEST	443	49767	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:58.569705009 CEST	443	49767	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:58.569741011 CEST	49767	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:58.569785118 CEST	49767	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:58.573079109 CEST	443	49767	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:58.573100090 CEST	443	49767	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:58.573138952 CEST	49767	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:58.573178053 CEST	49767	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:58.588773012 CEST	443	49767	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:58.588843107 CEST	49767	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:58.614438057 CEST	443	49767	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:58.614507914 CEST	49767	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:58.644643068 CEST	80	49759	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:58.659537077 CEST	443	49767	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:58.659605026 CEST	49767	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:58.659651995 CEST	443	49767	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:58.659706116 CEST	49767	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:58.659749031 CEST	443	49767	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:58.659795046 CEST	49767	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:58.659818888 CEST	49767	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:58.659842014 CEST	443	49767	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:58.660001040 CEST	443	49767	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:58.660048962 CEST	49767	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:58.676873922 CEST	49767	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:58.676873922 CEST	49767	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:58.676919937 CEST	443	49767	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:58.676970959 CEST	49767	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:58.681613922 CEST	49780	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:58.681672096 CEST	443	49780	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:58.681739092 CEST	49780	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:58.682034016 CEST	49780	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:58.682073116 CEST	443	49780	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:58.689631939 CEST	49759	80	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:58.692707062 CEST	49781	443	192.168.2.4	142.250.186.164
Jul 11, 2024 19:39:58.692784071 CEST	443	49781	142.250.186.164	192.168.2.4
Jul 11, 2024 19:39:58.692858934 CEST	49781	443	192.168.2.4	142.250.186.164
Jul 11, 2024 19:39:58.693053007 CEST	49781	443	192.168.2.4	142.250.186.164
Jul 11, 2024 19:39:58.693077087 CEST	443	49781	142.250.186.164	192.168.2.4
Jul 11, 2024 19:39:58.697525978 CEST	49782	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:58.697560072 CEST	443	49782	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:58.697608948 CEST	49782	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:58.697770119 CEST	49782	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:58.697782993 CEST	443	49782	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:58.794938087 CEST	443	49769	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:58.795181990 CEST	49769	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:58.795197964 CEST	443	49769	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:58.796406984 CEST	443	49770	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:58.796567917 CEST	49770	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:58.796577930 CEST	443	49770	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:58.796869993 CEST	443	49769	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:58.796926975 CEST	49769	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:58.797219038 CEST	49769	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:58.797327995 CEST	443	49769	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:58.797391891 CEST	49769	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:58.797400951 CEST	443	49769	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:58.798005104 CEST	443	49770	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:58.798064947 CEST	49770	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:58.798424959 CEST	49770	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:58.798504114 CEST	443	49770	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:58.798527002 CEST	49770	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:58.800622940 CEST	443	49772	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:58.800928116 CEST	49772	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:58.800935984 CEST	443	49772	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:58.802057981 CEST	443	49771	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:58.802305937 CEST	443	49772	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:58.802325964 CEST	49771	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:58.802354097 CEST	443	49771	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:58.802375078 CEST	49772	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:58.802706003 CEST	49772	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:58.802767992 CEST	443	49772	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:58.802788973 CEST	49772	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:58.803853989 CEST	443	49771	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:58.803915024 CEST	49771	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:58.804164886 CEST	49771	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:58.804235935 CEST	49771	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:58.804241896 CEST	443	49771	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:58.804254055 CEST	443	49771	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:58.814124107 CEST	443	49774	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:58.814357042 CEST	49774	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:58.814368010 CEST	443	49774	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:58.815227032 CEST	443	49774	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:58.815288067 CEST	49774	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:58.815594912 CEST	49774	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:58.815650940 CEST	443	49774	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:58.815747023 CEST	49774	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:58.815757036 CEST	443	49774	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:58.823645115 CEST	443	49775	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:58.823879004 CEST	49775	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:58.823898077 CEST	443	49775	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:58.825036049 CEST	443	49775	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:58.825088024 CEST	49775	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:58.825383902 CEST	49775	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:58.825460911 CEST	443	49775	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:58.825563908 CEST	49775	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:58.825577021 CEST	443	49775	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:58.844502926 CEST	443	49770	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:58.844521999 CEST	443	49772	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:58.846575975 CEST	49771	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:58.846576929 CEST	49769	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:58.846587896 CEST	443	49771	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:58.846600056 CEST	49770	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:58.846600056 CEST	49772	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:58.846609116 CEST	443	49770	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:58.846621037 CEST	443	49772	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:58.862826109 CEST	49774	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:58.878886938 CEST	49775	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:58.894151926 CEST	49771	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:58.894184113 CEST	49770	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:58.894184113 CEST	49772	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.020402908 CEST	443	49769	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.020435095 CEST	443	49769	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.020445108 CEST	443	49769	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.020504951 CEST	49769	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.020514965 CEST	443	49769	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.020534992 CEST	443	49769	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.020649910 CEST	443	49769	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.020720005 CEST	49769	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.021071911 CEST	443	49770	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.021095037 CEST	443	49770	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.021096945 CEST	49769	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.021101952 CEST	443	49770	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.021167994 CEST	49770	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.021172047 CEST	443	49770	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.021228075 CEST	443	49770	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.021291971 CEST	49770	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.021301031 CEST	443	49770	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.023458958 CEST	49770	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.028502941 CEST	49769	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.028526068 CEST	443	49769	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.030364037 CEST	443	49772	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.030438900 CEST	443	49772	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.030461073 CEST	443	49772	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.030489922 CEST	443	49771	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.030493021 CEST	443	49772	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.030519962 CEST	49772	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.030529022 CEST	443	49772	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.030551910 CEST	443	49771	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.030574083 CEST	443	49771	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.030575037 CEST	49772	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.030601025 CEST	49771	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.030616999 CEST	443	49771	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.030638933 CEST	443	49771	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.030652046 CEST	49771	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.030682087 CEST	49771	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.042877913 CEST	443	49774	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.042934895 CEST	443	49774	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.043028116 CEST	49774	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.059525967 CEST	443	49775	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.059551001 CEST	443	49775	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.059612989 CEST	443	49775	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.059622049 CEST	49783	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.059640884 CEST	49775	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.059660912 CEST	443	49783	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.059680939 CEST	49775	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.059720993 CEST	49783	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.059994936 CEST	49783	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.060010910 CEST	443	49783	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.065327883 CEST	49774	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.065346956 CEST	443	49774	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.068506956 CEST	49775	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.068521976 CEST	443	49775	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.076505899 CEST	49772	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.099344015 CEST	443	49771	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.099369049 CEST	443	49771	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.099406958 CEST	49771	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.099437952 CEST	49771	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.100107908 CEST	443	49779	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.100445986 CEST	49779	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.100465059 CEST	443	49779	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.100929976 CEST	443	49779	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.101232052 CEST	49779	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.101310015 CEST	443	49779	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.101322889 CEST	49779	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.107027054 CEST	443	49770	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.107036114 CEST	443	49770	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.107357025 CEST	49770	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.107564926 CEST	443	49770	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.107577085 CEST	443	49770	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.107733965 CEST	49770	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.108918905 CEST	443	49770	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.108926058 CEST	443	49770	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.108987093 CEST	49770	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.116391897 CEST	443	49772	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.116426945 CEST	443	49772	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.116445065 CEST	443	49772	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.116507053 CEST	49772	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.116708040 CEST	443	49772	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.116728067 CEST	443	49772	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.116738081 CEST	49772	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.116746902 CEST	443	49772	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.116763115 CEST	49772	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.116772890 CEST	443	49772	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.116775036 CEST	49772	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.116811991 CEST	49772	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.120923996 CEST	443	49772	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.120944023 CEST	443	49772	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.121031046 CEST	49772	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.121459007 CEST	443	49771	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.121480942 CEST	443	49771	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.121521950 CEST	49771	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.121551037 CEST	49771	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.121956110 CEST	443	49772	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.121956110 CEST	443	49771	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.121977091 CEST	443	49772	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.121978045 CEST	443	49771	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.122013092 CEST	49771	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.122045994 CEST	49771	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.122117996 CEST	49772	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.122910023 CEST	443	49771	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.122975111 CEST	49771	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.134927988 CEST	443	49770	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.134937048 CEST	443	49770	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.135014057 CEST	49770	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.148499966 CEST	443	49779	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.149624109 CEST	49779	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.156322956 CEST	443	49770	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.156516075 CEST	49770	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.183868885 CEST	443	49771	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.183949947 CEST	49771	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.195019960 CEST	443	49770	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.196511030 CEST	49770	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.197035074 CEST	443	49770	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.197122097 CEST	49770	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.202680111 CEST	443	49770	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.202747107 CEST	49770	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.202759027 CEST	443	49770	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.202780008 CEST	443	49770	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.202805996 CEST	443	49772	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.202838898 CEST	49770	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.202867985 CEST	49772	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.202899933 CEST	49772	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.203071117 CEST	49770	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.203098059 CEST	443	49770	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.203113079 CEST	49770	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.203375101 CEST	49786	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.203414917 CEST	443	49786	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.203506947 CEST	49786	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.203996897 CEST	49770	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.204859972 CEST	49786	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.204873085 CEST	443	49786	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.207710028 CEST	49787	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.207806110 CEST	443	49787	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.208074093 CEST	49787	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.208235979 CEST	49787	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.208276033 CEST	443	49787	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.213711977 CEST	443	49771	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.213783026 CEST	49771	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.213918924 CEST	443	49771	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.213978052 CEST	49771	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.213992119 CEST	443	49771	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.214090109 CEST	443	49771	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.214112997 CEST	443	49772	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.214142084 CEST	49771	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.214179039 CEST	49772	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.214334011 CEST	49771	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.214351892 CEST	443	49771	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.214370012 CEST	49771	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.214405060 CEST	49771	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.214549065 CEST	49788	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.214565039 CEST	443	49788	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.215007067 CEST	443	49772	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.215095043 CEST	49788	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.215137005 CEST	49772	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.215403080 CEST	49788	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.215416908 CEST	443	49788	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.215723038 CEST	443	49772	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.215785027 CEST	49772	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.216008902 CEST	443	49772	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.216074944 CEST	49772	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.216824055 CEST	443	49772	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.216918945 CEST	49772	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.216934919 CEST	443	49772	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.217004061 CEST	49772	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.217025042 CEST	443	49772	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.217088938 CEST	443	49772	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.217109919 CEST	49772	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.217158079 CEST	49772	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.222956896 CEST	49789	443	192.168.2.4	142.250.186.66
Jul 11, 2024 19:39:59.223023891 CEST	443	49789	142.250.186.66	192.168.2.4
Jul 11, 2024 19:39:59.223406076 CEST	49789	443	192.168.2.4	142.250.186.66
Jul 11, 2024 19:39:59.223483086 CEST	49772	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.223496914 CEST	443	49772	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.223705053 CEST	49790	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.223727942 CEST	443	49790	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.223793983 CEST	49790	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.224198103 CEST	49789	443	192.168.2.4	142.250.186.66
Jul 11, 2024 19:39:59.224231005 CEST	443	49789	142.250.186.66	192.168.2.4
Jul 11, 2024 19:39:59.224482059 CEST	49790	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.224505901 CEST	443	49790	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.228640079 CEST	49791	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.228669882 CEST	443	49791	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.228790045 CEST	49791	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.229075909 CEST	49791	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.229088068 CEST	443	49791	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.309880972 CEST	443	49780	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.310221910 CEST	49780	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.310290098 CEST	443	49780	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.311414957 CEST	443	49780	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.311911106 CEST	49780	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.312031984 CEST	443	49780	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.312184095 CEST	49780	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.319943905 CEST	443	49782	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.320123911 CEST	49782	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.320144892 CEST	443	49782	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.321620941 CEST	443	49782	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.321692944 CEST	49782	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.322041035 CEST	49782	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.322117090 CEST	443	49782	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.322135925 CEST	49782	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.326024055 CEST	443	49779	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.326081038 CEST	443	49779	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.326101065 CEST	443	49779	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.326132059 CEST	49779	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.326143026 CEST	443	49779	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.326167107 CEST	49779	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.352530956 CEST	443	49780	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.365196943 CEST	443	49781	142.250.186.164	192.168.2.4
Jul 11, 2024 19:39:59.368328094 CEST	49782	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.368338108 CEST	443	49782	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.368381023 CEST	49779	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.391150951 CEST	49781	443	192.168.2.4	142.250.186.164
Jul 11, 2024 19:39:59.391206980 CEST	443	49781	142.250.186.164	192.168.2.4
Jul 11, 2024 19:39:59.395136118 CEST	443	49781	142.250.186.164	192.168.2.4
Jul 11, 2024 19:39:59.395226002 CEST	49781	443	192.168.2.4	142.250.186.164
Jul 11, 2024 19:39:59.396301031 CEST	49781	443	192.168.2.4	142.250.186.164
Jul 11, 2024 19:39:59.396527052 CEST	443	49781	142.250.186.164	192.168.2.4
Jul 11, 2024 19:39:59.412256002 CEST	443	49779	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.412282944 CEST	443	49779	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.412326097 CEST	443	49779	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.412343025 CEST	49779	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.412456036 CEST	49779	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.412456036 CEST	49779	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.412708044 CEST	443	49779	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.412728071 CEST	443	49779	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.412764072 CEST	49779	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.412797928 CEST	49779	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.413337946 CEST	443	49779	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.413433075 CEST	49779	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.413448095 CEST	443	49779	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.413495064 CEST	49779	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.413501024 CEST	443	49779	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.413559914 CEST	49779	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.413650990 CEST	49779	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.413667917 CEST	443	49779	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.414088011 CEST	49792	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.414159060 CEST	443	49792	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.414228916 CEST	49792	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.415433884 CEST	49792	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.415462971 CEST	443	49792	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.419872999 CEST	49782	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.451550007 CEST	49781	443	192.168.2.4	142.250.186.164
Jul 11, 2024 19:39:59.451584101 CEST	443	49781	142.250.186.164	192.168.2.4
Jul 11, 2024 19:39:59.488316059 CEST	49794	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.488380909 CEST	443	49794	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.488452911 CEST	49794	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.488900900 CEST	49794	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.488931894 CEST	443	49794	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.495642900 CEST	49781	443	192.168.2.4	142.250.186.164
Jul 11, 2024 19:39:59.544965982 CEST	443	49780	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.545032024 CEST	443	49780	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.545209885 CEST	49780	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.545279980 CEST	443	49780	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.547245979 CEST	443	49782	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.547303915 CEST	443	49782	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.547352076 CEST	49782	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.547363043 CEST	443	49782	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.547441006 CEST	443	49782	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.547487020 CEST	49782	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.550477982 CEST	49782	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.550489902 CEST	443	49782	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.596107960 CEST	49780	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.641124964 CEST	443	49780	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.641155958 CEST	443	49780	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.641274929 CEST	49780	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.641274929 CEST	49780	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.641642094 CEST	443	49780	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.641709089 CEST	49780	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.641726017 CEST	443	49780	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.641863108 CEST	443	49780	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.641925097 CEST	49780	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.646212101 CEST	49780	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.646225929 CEST	443	49780	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.650171995 CEST	49796	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.650243998 CEST	443	49796	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.650449991 CEST	49796	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.650638103 CEST	49796	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.650672913 CEST	443	49796	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.686374903 CEST	443	49783	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.686652899 CEST	49783	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.686719894 CEST	443	49783	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.687236071 CEST	443	49783	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.687700987 CEST	49783	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.687832117 CEST	443	49783	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.687963009 CEST	49783	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.728507996 CEST	443	49783	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.817528009 CEST	443	49790	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.817903996 CEST	49790	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.817975044 CEST	443	49790	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.818243027 CEST	443	49788	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.819513083 CEST	443	49790	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.819602013 CEST	49790	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.820384026 CEST	49790	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.820472956 CEST	443	49790	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.820794106 CEST	49788	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.820815086 CEST	443	49788	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.820969105 CEST	49790	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.820991039 CEST	443	49790	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.821369886 CEST	443	49788	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.821748018 CEST	49788	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.821866035 CEST	443	49788	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.821940899 CEST	49788	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.821995020 CEST	443	49791	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.822415113 CEST	49791	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.822424889 CEST	443	49791	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.822747946 CEST	443	49791	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.823472977 CEST	49791	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.823543072 CEST	443	49791	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.823590994 CEST	49791	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.831859112 CEST	443	49786	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.832075119 CEST	49786	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.832088947 CEST	443	49786	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.832577944 CEST	443	49786	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.832875013 CEST	49786	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.832957983 CEST	443	49786	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.832976103 CEST	49786	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.840764046 CEST	443	49787	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.841073990 CEST	49787	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.841140985 CEST	443	49787	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.841509104 CEST	443	49787	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.841787100 CEST	49787	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.841860056 CEST	443	49787	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.841872931 CEST	49787	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.864603043 CEST	49790	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.864751101 CEST	49791	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.864762068 CEST	443	49791	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.868500948 CEST	443	49788	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.879791975 CEST	49786	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.879806042 CEST	443	49786	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.888497114 CEST	443	49787	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.895102024 CEST	49787	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.912378073 CEST	443	49789	142.250.186.66	192.168.2.4
Jul 11, 2024 19:39:59.912637949 CEST	49789	443	192.168.2.4	142.250.186.66
Jul 11, 2024 19:39:59.912688017 CEST	443	49789	142.250.186.66	192.168.2.4
Jul 11, 2024 19:39:59.913853884 CEST	443	49783	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.913878918 CEST	443	49783	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.913944006 CEST	49783	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.913950920 CEST	443	49783	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.914417982 CEST	49783	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.914990902 CEST	49783	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.915018082 CEST	443	49783	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.916224003 CEST	443	49789	142.250.186.66	192.168.2.4
Jul 11, 2024 19:39:59.916342974 CEST	49789	443	192.168.2.4	142.250.186.66
Jul 11, 2024 19:39:59.917327881 CEST	49789	443	192.168.2.4	142.250.186.66
Jul 11, 2024 19:39:59.917511940 CEST	443	49789	142.250.186.66	192.168.2.4
Jul 11, 2024 19:39:59.919955015 CEST	49798	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.919990063 CEST	443	49798	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.920047998 CEST	49798	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.920248985 CEST	49798	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:39:59.920264006 CEST	443	49798	46.21.150.242	192.168.2.4
Jul 11, 2024 19:39:59.970347881 CEST	49789	443	192.168.2.4	142.250.186.66
Jul 11, 2024 19:39:59.970383883 CEST	443	49789	142.250.186.66	192.168.2.4
Jul 11, 2024 19:40:00.018279076 CEST	49789	443	192.168.2.4	142.250.186.66
Jul 11, 2024 19:40:00.043082952 CEST	443	49788	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.043138027 CEST	443	49788	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.043198109 CEST	49788	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:00.043210030 CEST	443	49788	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.043277979 CEST	443	49788	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.043327093 CEST	49788	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:00.044078112 CEST	49788	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:00.044085979 CEST	443	49788	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.044157028 CEST	443	49790	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.044228077 CEST	443	49790	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.044531107 CEST	49790	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:00.046956062 CEST	443	49791	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.047013998 CEST	443	49791	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.047034979 CEST	443	49791	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.047090054 CEST	49791	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:00.047107935 CEST	443	49791	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.050004959 CEST	49790	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:00.050050974 CEST	443	49790	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.053317070 CEST	49799	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:00.053409100 CEST	443	49799	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.053620100 CEST	49799	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:00.053834915 CEST	49799	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:00.053877115 CEST	443	49799	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.057213068 CEST	443	49786	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.057395935 CEST	443	49786	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.057840109 CEST	443	49792	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.057905912 CEST	49786	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:00.058113098 CEST	49792	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:00.058132887 CEST	443	49792	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.058613062 CEST	49786	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:00.058629990 CEST	443	49786	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.058651924 CEST	443	49792	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.059366941 CEST	49792	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:00.059447050 CEST	443	49792	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.059815884 CEST	49792	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:00.095432043 CEST	49791	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:00.097388029 CEST	443	49787	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.097409964 CEST	443	49787	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.097417116 CEST	443	49787	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.097454071 CEST	443	49787	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.097505093 CEST	49787	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:00.097584009 CEST	443	49787	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.097620964 CEST	49787	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:00.104496002 CEST	443	49792	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.105271101 CEST	443	49794	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.105474949 CEST	49794	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:00.105520964 CEST	443	49794	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.106643915 CEST	443	49794	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.106908083 CEST	49794	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:00.107003927 CEST	49794	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:00.107094049 CEST	443	49794	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.113162994 CEST	443	49791	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.113183022 CEST	443	49791	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.113251925 CEST	49791	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:00.141736031 CEST	49787	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:00.142091990 CEST	443	49791	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.142111063 CEST	443	49791	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.142151117 CEST	49791	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:00.142206907 CEST	49791	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:00.142566919 CEST	443	49791	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.142585993 CEST	443	49791	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.142627954 CEST	49791	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:00.142673969 CEST	49791	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:00.143208981 CEST	443	49791	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.143228054 CEST	443	49791	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.143280029 CEST	49791	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:00.143322945 CEST	49791	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:00.157399893 CEST	49794	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:00.168045998 CEST	443	49787	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.168056011 CEST	443	49787	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.168088913 CEST	443	49787	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.168138027 CEST	49787	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:00.168178082 CEST	49787	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:00.168705940 CEST	443	49787	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.168713093 CEST	443	49787	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.168768883 CEST	49787	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:00.170259953 CEST	443	49787	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.170268059 CEST	443	49787	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.170352936 CEST	49787	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:00.172049999 CEST	443	49787	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.172058105 CEST	443	49787	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.172142029 CEST	49787	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:00.222250938 CEST	443	49791	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.222341061 CEST	49791	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:00.222811937 CEST	443	49791	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.222878933 CEST	49791	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:00.223467112 CEST	443	49791	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.223536968 CEST	49791	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:00.223560095 CEST	443	49791	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.223608971 CEST	49791	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:00.223618984 CEST	443	49791	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.223716021 CEST	443	49791	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.223767996 CEST	49791	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:00.224915028 CEST	443	49787	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.224922895 CEST	443	49787	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.224993944 CEST	49787	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:00.256155968 CEST	49791	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:00.256174088 CEST	443	49791	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.256799936 CEST	49800	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:00.256880045 CEST	443	49800	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.256957054 CEST	49800	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:00.257591009 CEST	49800	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:00.257627010 CEST	443	49800	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.257860899 CEST	443	49787	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.257935047 CEST	49787	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:00.259864092 CEST	443	49787	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.259951115 CEST	49787	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:00.261302948 CEST	443	49787	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.261378050 CEST	49787	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:00.262926102 CEST	443	49787	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.263008118 CEST	49787	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:00.264630079 CEST	443	49787	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.264699936 CEST	49787	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:00.282185078 CEST	443	49796	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.284648895 CEST	443	49787	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.284723997 CEST	443	49787	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.284775972 CEST	49787	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:00.284832954 CEST	49787	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:00.296102047 CEST	49796	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:00.296133995 CEST	443	49796	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.296730995 CEST	49787	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:00.296765089 CEST	443	49787	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.297246933 CEST	49801	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:00.297295094 CEST	443	49801	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.297364950 CEST	49801	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:00.297481060 CEST	443	49796	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.297657967 CEST	49801	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:00.297678947 CEST	443	49801	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.298175097 CEST	49796	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:00.298281908 CEST	443	49792	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.298362970 CEST	443	49796	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.298378944 CEST	443	49792	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.298487902 CEST	49792	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:00.298854113 CEST	49796	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:00.333172083 CEST	49792	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:00.333200932 CEST	443	49792	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.337428093 CEST	443	49794	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.337501049 CEST	443	49794	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.337522984 CEST	443	49794	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.337594032 CEST	49794	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:00.337630033 CEST	443	49794	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.337657928 CEST	49794	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:00.340524912 CEST	443	49796	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.391575098 CEST	49794	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:00.422610044 CEST	443	49794	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.422650099 CEST	443	49794	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.422668934 CEST	443	49794	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.422736883 CEST	49794	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:00.422791004 CEST	49794	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:00.423691034 CEST	443	49794	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.423712015 CEST	443	49794	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.423768997 CEST	49794	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:00.423794985 CEST	49794	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:00.425056934 CEST	443	49794	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.425080061 CEST	443	49794	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.425129890 CEST	49794	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:00.425240993 CEST	443	49794	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.429306984 CEST	49794	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:00.460824013 CEST	49794	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:00.460858107 CEST	443	49794	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.496478081 CEST	49802	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:00.496593952 CEST	443	49802	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.496665955 CEST	49802	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:00.496932030 CEST	49802	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:00.496967077 CEST	443	49802	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.546195030 CEST	443	49796	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.546255112 CEST	443	49796	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.546370029 CEST	49796	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:00.546441078 CEST	443	49796	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.558150053 CEST	443	49798	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.558643103 CEST	49798	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:00.558669090 CEST	443	49798	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.559237957 CEST	443	49798	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.559643030 CEST	49798	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:00.559763908 CEST	443	49798	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.559807062 CEST	49798	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:00.598573923 CEST	49796	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:00.604499102 CEST	443	49798	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.613863945 CEST	49798	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:00.633205891 CEST	443	49796	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.633232117 CEST	443	49796	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.633321047 CEST	49796	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:00.633333921 CEST	443	49796	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.633356094 CEST	49796	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:00.633372068 CEST	443	49796	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.633390903 CEST	49796	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:00.633533955 CEST	443	49796	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.633600950 CEST	49796	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:00.634006023 CEST	49796	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:00.634047985 CEST	443	49796	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.645931959 CEST	80	49759	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.645987034 CEST	49759	80	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:00.658936024 CEST	443	49799	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.659301043 CEST	49799	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:00.659368992 CEST	443	49799	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.660604000 CEST	443	49799	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.661106110 CEST	49799	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:00.661226988 CEST	49799	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:00.661300898 CEST	443	49799	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.705969095 CEST	49799	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:00.786978006 CEST	443	49798	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.787002087 CEST	443	49798	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.787071943 CEST	49798	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:00.787117004 CEST	443	49798	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.787143946 CEST	443	49798	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.787197113 CEST	49798	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:00.787730932 CEST	49798	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:00.787760019 CEST	443	49798	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.790498972 CEST	49759	80	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:00.795494080 CEST	80	49759	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.873975039 CEST	443	49800	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.874336004 CEST	49800	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:00.874404907 CEST	443	49800	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.874916077 CEST	443	49800	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.875201941 CEST	49800	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:00.875294924 CEST	443	49800	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.875324011 CEST	49800	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:00.885387897 CEST	443	49799	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.885441065 CEST	443	49799	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.885580063 CEST	443	49799	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.885642052 CEST	49799	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:00.886095047 CEST	49799	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:00.886126041 CEST	443	49799	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.889550924 CEST	443	49801	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.889935970 CEST	49801	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:00.889964104 CEST	443	49801	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.891021013 CEST	443	49801	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.891098022 CEST	49801	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:00.891370058 CEST	49801	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:00.891442060 CEST	443	49801	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.891474962 CEST	49801	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:00.916518927 CEST	443	49800	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.924068928 CEST	49800	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:00.936501026 CEST	443	49801	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.939091921 CEST	49801	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:00.939102888 CEST	443	49801	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:00.985008955 CEST	49801	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:01.095938921 CEST	443	49802	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:01.096559048 CEST	49802	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:01.096587896 CEST	443	49802	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:01.096923113 CEST	443	49802	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:01.097218990 CEST	49802	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:01.097284079 CEST	443	49802	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:01.097341061 CEST	49802	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:01.105746984 CEST	443	49800	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:01.105942965 CEST	443	49800	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:01.106131077 CEST	49800	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:01.107253075 CEST	49800	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:01.107297897 CEST	443	49800	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:01.116074085 CEST	443	49801	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:01.116255045 CEST	443	49801	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:01.116513968 CEST	49801	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:01.122962952 CEST	49801	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:01.122984886 CEST	443	49801	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:01.132157087 CEST	49804	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:01.132179976 CEST	443	49804	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:01.132302999 CEST	49804	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:01.132528067 CEST	49804	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:01.132535934 CEST	443	49804	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:01.140542984 CEST	443	49802	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:01.140821934 CEST	49802	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:01.158721924 CEST	49805	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:01.158757925 CEST	443	49805	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:01.159002066 CEST	49805	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:01.161425114 CEST	49805	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:01.161438942 CEST	443	49805	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:01.162251949 CEST	49806	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:01.162260056 CEST	443	49806	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:01.162379026 CEST	49806	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:01.162559986 CEST	49806	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:01.162571907 CEST	443	49806	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:01.203196049 CEST	49807	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:01.203232050 CEST	443	49807	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:01.203524113 CEST	49807	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:01.203524113 CEST	49807	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:01.203571081 CEST	443	49807	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:01.226861954 CEST	49808	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:01.226903915 CEST	443	49808	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:01.227169037 CEST	49808	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:01.227351904 CEST	49808	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:01.227366924 CEST	443	49808	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:01.271354914 CEST	49809	443	192.168.2.4	40.68.123.157
Jul 11, 2024 19:40:01.271395922 CEST	443	49809	40.68.123.157	192.168.2.4
Jul 11, 2024 19:40:01.271770954 CEST	49809	443	192.168.2.4	40.68.123.157
Jul 11, 2024 19:40:01.271770954 CEST	49809	443	192.168.2.4	40.68.123.157
Jul 11, 2024 19:40:01.271804094 CEST	443	49809	40.68.123.157	192.168.2.4
Jul 11, 2024 19:40:01.323633909 CEST	443	49802	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:01.323708057 CEST	443	49802	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:01.323937893 CEST	49802	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:01.324692965 CEST	49802	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:01.324707985 CEST	443	49802	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:01.811259985 CEST	443	49804	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:01.825802088 CEST	443	49805	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:01.832129955 CEST	49805	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:01.832156897 CEST	443	49805	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:01.832257986 CEST	49804	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:01.832266092 CEST	443	49804	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:01.833276033 CEST	443	49804	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:01.833350897 CEST	49804	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:01.833739996 CEST	443	49806	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:01.833805084 CEST	49804	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:01.833863020 CEST	443	49804	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:01.834256887 CEST	49804	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:01.834264040 CEST	443	49804	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:01.835793972 CEST	443	49805	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:01.835864067 CEST	49805	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:01.838502884 CEST	49805	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:01.838675022 CEST	443	49805	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:01.838694096 CEST	49806	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:01.838701963 CEST	443	49806	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:01.838840008 CEST	49805	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:01.838849068 CEST	443	49805	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:01.841970921 CEST	443	49806	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:01.842066050 CEST	49806	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:01.847477913 CEST	49806	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:01.847615957 CEST	49806	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:01.847651958 CEST	443	49806	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:01.864180088 CEST	443	49807	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:01.864370108 CEST	49807	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:01.864377975 CEST	443	49807	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:01.868058920 CEST	443	49807	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:01.868134975 CEST	49807	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:01.869277000 CEST	49807	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:01.869457960 CEST	443	49807	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:01.870744944 CEST	49807	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:01.870754004 CEST	443	49807	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:01.879021883 CEST	49804	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:01.879024982 CEST	49805	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:01.883275986 CEST	443	49808	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:01.883471012 CEST	49808	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:01.883503914 CEST	443	49808	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:01.884957075 CEST	443	49808	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:01.885036945 CEST	49808	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:01.885447025 CEST	49808	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:01.885530949 CEST	443	49808	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:01.885719061 CEST	49808	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:01.885739088 CEST	443	49808	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:01.895724058 CEST	49806	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:01.895733118 CEST	443	49806	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:01.911588907 CEST	49807	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:01.926666021 CEST	49808	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:01.940572977 CEST	49806	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:02.073067904 CEST	443	49809	40.68.123.157	192.168.2.4
Jul 11, 2024 19:40:02.073172092 CEST	49809	443	192.168.2.4	40.68.123.157
Jul 11, 2024 19:40:02.081562042 CEST	49809	443	192.168.2.4	40.68.123.157
Jul 11, 2024 19:40:02.081593037 CEST	443	49809	40.68.123.157	192.168.2.4
Jul 11, 2024 19:40:02.081780910 CEST	443	49809	40.68.123.157	192.168.2.4
Jul 11, 2024 19:40:02.091795921 CEST	49809	443	192.168.2.4	40.68.123.157
Jul 11, 2024 19:40:02.093957901 CEST	443	49808	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.094050884 CEST	443	49808	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.094408989 CEST	49808	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:02.095980883 CEST	49808	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:02.096029997 CEST	443	49808	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.107074976 CEST	443	49804	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.107230902 CEST	443	49804	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.107255936 CEST	443	49804	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.107278109 CEST	443	49804	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.107280016 CEST	49804	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:02.107287884 CEST	443	49804	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.107323885 CEST	49804	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:02.107827902 CEST	443	49804	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.107873917 CEST	49804	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:02.114300966 CEST	443	49804	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.116949081 CEST	443	49804	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.116998911 CEST	49804	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:02.131530046 CEST	443	49806	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.131743908 CEST	443	49806	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.131822109 CEST	49806	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:02.132528067 CEST	443	49809	40.68.123.157	192.168.2.4
Jul 11, 2024 19:40:02.168098927 CEST	49806	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:02.168131113 CEST	443	49806	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.250685930 CEST	49804	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:02.250696898 CEST	443	49804	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.426517963 CEST	443	49809	40.68.123.157	192.168.2.4
Jul 11, 2024 19:40:02.426587105 CEST	443	49809	40.68.123.157	192.168.2.4
Jul 11, 2024 19:40:02.426630020 CEST	443	49809	40.68.123.157	192.168.2.4
Jul 11, 2024 19:40:02.426650047 CEST	49809	443	192.168.2.4	40.68.123.157
Jul 11, 2024 19:40:02.426680088 CEST	443	49809	40.68.123.157	192.168.2.4
Jul 11, 2024 19:40:02.426693916 CEST	49809	443	192.168.2.4	40.68.123.157
Jul 11, 2024 19:40:02.426724911 CEST	49809	443	192.168.2.4	40.68.123.157
Jul 11, 2024 19:40:02.428553104 CEST	443	49809	40.68.123.157	192.168.2.4
Jul 11, 2024 19:40:02.428669930 CEST	49809	443	192.168.2.4	40.68.123.157
Jul 11, 2024 19:40:02.428693056 CEST	443	49809	40.68.123.157	192.168.2.4
Jul 11, 2024 19:40:02.428739071 CEST	443	49809	40.68.123.157	192.168.2.4
Jul 11, 2024 19:40:02.428843021 CEST	443	49809	40.68.123.157	192.168.2.4
Jul 11, 2024 19:40:02.428879023 CEST	49809	443	192.168.2.4	40.68.123.157
Jul 11, 2024 19:40:02.428896904 CEST	49809	443	192.168.2.4	40.68.123.157
Jul 11, 2024 19:40:02.442653894 CEST	49809	443	192.168.2.4	40.68.123.157
Jul 11, 2024 19:40:02.442673922 CEST	443	49809	40.68.123.157	192.168.2.4
Jul 11, 2024 19:40:02.655468941 CEST	443	49807	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.655587912 CEST	443	49807	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.655677080 CEST	443	49807	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.655677080 CEST	49807	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:02.655709982 CEST	443	49807	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.655849934 CEST	443	49807	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.655898094 CEST	49807	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:02.655909061 CEST	443	49807	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.655946016 CEST	49807	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:02.657599926 CEST	443	49805	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.657665968 CEST	443	49805	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.657885075 CEST	443	49805	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.657953978 CEST	49805	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:02.657995939 CEST	443	49805	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.658346891 CEST	443	49805	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.658385992 CEST	49805	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:02.658391953 CEST	443	49805	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.658425093 CEST	49805	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:02.662975073 CEST	443	49807	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.663326025 CEST	443	49807	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.663393974 CEST	49807	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:02.663403034 CEST	443	49807	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.663866043 CEST	443	49805	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.664038897 CEST	443	49805	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.664097071 CEST	49805	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:02.664104939 CEST	443	49805	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.667882919 CEST	443	49807	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.669595003 CEST	49807	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:02.669603109 CEST	443	49807	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.670140028 CEST	443	49805	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.670268059 CEST	49805	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:02.670274019 CEST	443	49805	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.674431086 CEST	443	49807	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.675087929 CEST	49807	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:02.675096035 CEST	443	49807	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.676650047 CEST	443	49805	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.679001093 CEST	49805	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:02.679008007 CEST	443	49805	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.719222069 CEST	49807	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:02.725122929 CEST	49805	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:02.742019892 CEST	443	49807	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.744991064 CEST	443	49805	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.749609947 CEST	443	49807	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.750613928 CEST	49807	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:02.750623941 CEST	443	49807	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.751620054 CEST	443	49805	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.752609968 CEST	443	49807	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.752676010 CEST	49805	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:02.752679110 CEST	49807	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:02.752684116 CEST	443	49805	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.752687931 CEST	443	49807	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.755042076 CEST	443	49805	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.758999109 CEST	49805	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:02.759004116 CEST	443	49805	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.760798931 CEST	443	49807	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.760878086 CEST	49807	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:02.760885000 CEST	443	49807	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.761795044 CEST	443	49805	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.762989044 CEST	49805	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:02.762995005 CEST	443	49805	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.767945051 CEST	443	49807	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.769510031 CEST	443	49805	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.769575119 CEST	49807	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:02.769583941 CEST	443	49807	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.769614935 CEST	49805	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:02.769620895 CEST	443	49805	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.772443056 CEST	443	49807	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.774935007 CEST	443	49805	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.774998903 CEST	49805	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:02.775005102 CEST	49807	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:02.775006056 CEST	443	49805	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.775012016 CEST	443	49807	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.778991938 CEST	443	49807	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.782031059 CEST	443	49805	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.782119036 CEST	49805	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:02.782121897 CEST	49807	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:02.782129049 CEST	443	49805	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.782129049 CEST	443	49807	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.785475016 CEST	443	49807	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.787005901 CEST	49807	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:02.787014961 CEST	443	49807	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.788183928 CEST	443	49805	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.790994883 CEST	49805	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:02.791002989 CEST	443	49805	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.795068979 CEST	443	49807	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.795667887 CEST	443	49805	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.795734882 CEST	49807	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:02.795742989 CEST	443	49807	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.795785904 CEST	49805	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:02.795794010 CEST	443	49805	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.798080921 CEST	443	49807	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.798990011 CEST	49807	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:02.798998117 CEST	443	49807	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.800558090 CEST	443	49805	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.800609112 CEST	49805	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:02.800616026 CEST	443	49805	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.804583073 CEST	443	49807	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.806999922 CEST	49807	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:02.807009935 CEST	443	49807	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.807097912 CEST	443	49805	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.807241917 CEST	443	49805	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.807302952 CEST	49805	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:02.807310104 CEST	443	49805	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.810332060 CEST	443	49807	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.810396910 CEST	49807	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:02.810398102 CEST	49805	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:02.810405016 CEST	443	49807	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.813220024 CEST	443	49805	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.816343069 CEST	443	49807	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.816405058 CEST	49807	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:02.816414118 CEST	443	49807	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.819346905 CEST	443	49805	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.819991112 CEST	443	49805	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.820013046 CEST	49805	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:02.820025921 CEST	443	49805	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.822994947 CEST	49805	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:02.836669922 CEST	443	49807	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.836872101 CEST	443	49807	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.836930990 CEST	49807	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:02.836941004 CEST	443	49807	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.836985111 CEST	49807	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:02.836992025 CEST	443	49807	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.838587046 CEST	443	49805	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.839258909 CEST	443	49805	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.839313030 CEST	443	49805	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.839334011 CEST	49805	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:02.839345932 CEST	443	49805	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.842991114 CEST	49805	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:02.844151974 CEST	443	49807	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.845201015 CEST	49807	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:02.845210075 CEST	443	49807	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.846966982 CEST	443	49807	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.847119093 CEST	443	49805	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.847176075 CEST	49807	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:02.847183943 CEST	443	49807	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.853192091 CEST	443	49805	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.853285074 CEST	49805	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:02.853290081 CEST	443	49805	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.853739023 CEST	443	49807	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.853789091 CEST	49807	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:02.853796959 CEST	443	49807	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.857456923 CEST	443	49805	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.857511997 CEST	49805	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:02.857518911 CEST	443	49805	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.858035088 CEST	443	49807	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.858089924 CEST	49807	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:02.858097076 CEST	443	49807	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.863543034 CEST	443	49805	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.863601923 CEST	49805	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:02.863607883 CEST	443	49805	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.864619017 CEST	443	49807	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.864722967 CEST	443	49807	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.864784002 CEST	49807	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:02.864793062 CEST	443	49807	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.864834070 CEST	49807	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:02.867758036 CEST	443	49805	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.867902040 CEST	443	49805	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.867994070 CEST	49805	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:02.868000031 CEST	443	49805	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.868037939 CEST	49805	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:02.868453979 CEST	443	49807	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.873364925 CEST	443	49805	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.873663902 CEST	443	49805	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.873727083 CEST	49805	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:02.873739004 CEST	443	49805	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.873775005 CEST	443	49807	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.873826027 CEST	49807	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:02.873833895 CEST	443	49807	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.878859997 CEST	443	49807	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.878947020 CEST	49807	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:02.878953934 CEST	443	49807	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.879431963 CEST	443	49805	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.879487991 CEST	49805	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:02.879493952 CEST	443	49805	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.884531021 CEST	443	49805	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.884865046 CEST	49805	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:02.884871006 CEST	443	49805	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.884918928 CEST	443	49807	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.885179996 CEST	49807	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:02.885189056 CEST	443	49807	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.887424946 CEST	443	49807	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.891026020 CEST	49807	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:02.891041994 CEST	443	49807	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.892671108 CEST	443	49807	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.893156052 CEST	443	49805	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.893237114 CEST	443	49805	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.893244028 CEST	49807	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:02.893258095 CEST	443	49807	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.893260956 CEST	49805	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:02.893268108 CEST	443	49805	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.893302917 CEST	49805	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:02.897726059 CEST	443	49805	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.898062944 CEST	443	49807	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.898123980 CEST	49807	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:02.898132086 CEST	443	49807	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.903259039 CEST	443	49807	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.903309107 CEST	49807	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:02.903318882 CEST	443	49807	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.903649092 CEST	443	49805	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.903691053 CEST	49805	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:02.903696060 CEST	443	49805	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.907274008 CEST	443	49807	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.907322884 CEST	49807	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:02.907330990 CEST	443	49807	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.907587051 CEST	443	49805	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.907628059 CEST	49805	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:02.907633066 CEST	443	49805	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.911978006 CEST	443	49805	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.912026882 CEST	49805	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:02.912033081 CEST	443	49805	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.912226915 CEST	443	49807	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.912271976 CEST	49807	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:02.912278891 CEST	443	49807	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.916296005 CEST	443	49807	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.916354895 CEST	49807	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:02.916362047 CEST	443	49807	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.916759014 CEST	443	49805	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.916810036 CEST	49805	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:02.916815996 CEST	443	49805	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.920330048 CEST	443	49807	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.920433998 CEST	49807	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:02.920440912 CEST	443	49807	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.920571089 CEST	443	49805	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.920619011 CEST	49805	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:02.920624971 CEST	443	49805	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.925107956 CEST	443	49807	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.925172091 CEST	49807	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:02.925518036 CEST	443	49805	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.925573111 CEST	49805	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:02.925578117 CEST	443	49805	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.928731918 CEST	443	49805	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.928908110 CEST	49805	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:02.928914070 CEST	443	49805	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.932429075 CEST	443	49805	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.932477951 CEST	49805	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:02.932490110 CEST	443	49805	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.944327116 CEST	443	49805	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.944376945 CEST	49805	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:02.944382906 CEST	443	49805	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.944828033 CEST	443	49805	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.944905043 CEST	49805	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:02.944910049 CEST	443	49805	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.945204973 CEST	443	49805	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.945303917 CEST	49805	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:02.945307970 CEST	443	49805	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.945653915 CEST	443	49805	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:02.945710897 CEST	49805	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:03.011254072 CEST	49805	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:03.011657000 CEST	49807	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:03.133595943 CEST	49805	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:03.133622885 CEST	443	49805	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:03.137610912 CEST	49807	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:03.137633085 CEST	443	49807	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:03.138196945 CEST	49813	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:03.138298035 CEST	443	49813	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:03.138673067 CEST	49813	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:03.141185045 CEST	49814	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:03.141208887 CEST	443	49814	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:03.141285896 CEST	49814	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:03.145534992 CEST	49815	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:03.145561934 CEST	443	49815	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:03.145951033 CEST	49815	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:03.154314041 CEST	49813	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:03.154335022 CEST	443	49813	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:03.154645920 CEST	49814	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:03.154659033 CEST	443	49814	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:03.158787012 CEST	49815	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:03.158802032 CEST	443	49815	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:03.833223104 CEST	443	49814	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:03.833488941 CEST	49814	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:03.833559990 CEST	443	49814	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:03.834774017 CEST	443	49814	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:03.835094929 CEST	49814	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:03.835278988 CEST	443	49814	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:03.835282087 CEST	49814	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:03.835383892 CEST	443	49814	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:03.842789888 CEST	443	49813	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:03.842988014 CEST	49813	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:03.843049049 CEST	443	49813	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:03.843333006 CEST	443	49813	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:03.843605995 CEST	49813	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:03.843676090 CEST	443	49813	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:03.843758106 CEST	49813	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:03.843801022 CEST	443	49813	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:03.847779989 CEST	443	49815	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:03.848393917 CEST	49815	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:03.848431110 CEST	443	49815	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:03.849458933 CEST	443	49815	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:03.849524021 CEST	49815	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:03.849802971 CEST	49815	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:03.849875927 CEST	443	49815	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:03.849946022 CEST	49815	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:03.849976063 CEST	443	49815	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:03.891273022 CEST	49815	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:03.891282082 CEST	443	49815	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:03.952814102 CEST	49814	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:03.952814102 CEST	49813	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:04.019135952 CEST	443	49814	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:04.019440889 CEST	443	49814	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:04.019521952 CEST	49814	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:04.020028114 CEST	49814	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:04.020073891 CEST	443	49814	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:04.075246096 CEST	49823	443	192.168.2.4	142.250.186.68
Jul 11, 2024 19:40:04.075284958 CEST	443	49823	142.250.186.68	192.168.2.4
Jul 11, 2024 19:40:04.075422049 CEST	49823	443	192.168.2.4	142.250.186.68
Jul 11, 2024 19:40:04.075539112 CEST	49823	443	192.168.2.4	142.250.186.68
Jul 11, 2024 19:40:04.075546026 CEST	443	49823	142.250.186.68	192.168.2.4
Jul 11, 2024 19:40:04.092876911 CEST	49815	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:04.283983946 CEST	443	49813	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:04.299478054 CEST	443	49813	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:04.299563885 CEST	49813	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:04.300488949 CEST	443	49815	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:04.307744026 CEST	443	49815	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:04.307796955 CEST	49815	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:04.314311981 CEST	49813	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:04.314323902 CEST	443	49813	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:04.320390940 CEST	49815	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:04.320395947 CEST	443	49815	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:04.332015991 CEST	49824	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:04.332055092 CEST	443	49824	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:04.332957029 CEST	49824	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:04.333434105 CEST	49824	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:04.333447933 CEST	443	49824	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:04.779648066 CEST	443	49823	142.250.186.68	192.168.2.4
Jul 11, 2024 19:40:04.779871941 CEST	49823	443	192.168.2.4	142.250.186.68
Jul 11, 2024 19:40:04.779886007 CEST	443	49823	142.250.186.68	192.168.2.4
Jul 11, 2024 19:40:04.783449888 CEST	443	49823	142.250.186.68	192.168.2.4
Jul 11, 2024 19:40:04.783540010 CEST	49823	443	192.168.2.4	142.250.186.68
Jul 11, 2024 19:40:04.784034967 CEST	49823	443	192.168.2.4	142.250.186.68
Jul 11, 2024 19:40:04.784115076 CEST	443	49823	142.250.186.68	192.168.2.4
Jul 11, 2024 19:40:04.784185886 CEST	49823	443	192.168.2.4	142.250.186.68
Jul 11, 2024 19:40:04.784195900 CEST	443	49823	142.250.186.68	192.168.2.4
Jul 11, 2024 19:40:04.889451027 CEST	49823	443	192.168.2.4	142.250.186.68
Jul 11, 2024 19:40:04.998678923 CEST	443	49824	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:04.999691010 CEST	49824	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:04.999701977 CEST	443	49824	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:05.000180960 CEST	443	49824	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:05.002954960 CEST	49824	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:05.003038883 CEST	443	49824	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:05.003597021 CEST	49824	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:05.003638983 CEST	443	49824	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:05.105664015 CEST	443	49823	142.250.186.68	192.168.2.4
Jul 11, 2024 19:40:05.106093884 CEST	443	49823	142.250.186.68	192.168.2.4
Jul 11, 2024 19:40:05.106393099 CEST	49823	443	192.168.2.4	142.250.186.68
Jul 11, 2024 19:40:05.108154058 CEST	49823	443	192.168.2.4	142.250.186.68
Jul 11, 2024 19:40:05.108179092 CEST	443	49823	142.250.186.68	192.168.2.4
Jul 11, 2024 19:40:05.188724041 CEST	49830	443	192.168.2.4	142.250.186.68
Jul 11, 2024 19:40:05.188772917 CEST	443	49830	142.250.186.68	192.168.2.4
Jul 11, 2024 19:40:05.189033985 CEST	49830	443	192.168.2.4	142.250.186.68
Jul 11, 2024 19:40:05.189621925 CEST	49831	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:05.189712048 CEST	443	49831	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:05.189903021 CEST	49830	443	192.168.2.4	142.250.186.68
Jul 11, 2024 19:40:05.189920902 CEST	443	49830	142.250.186.68	192.168.2.4
Jul 11, 2024 19:40:05.189996958 CEST	49831	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:05.190196037 CEST	49831	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:05.190236092 CEST	443	49831	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:05.235409975 CEST	443	49824	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:05.235994101 CEST	49824	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:05.236109018 CEST	443	49824	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:05.236171961 CEST	49824	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:05.236180067 CEST	443	49824	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:05.236507893 CEST	49824	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:05.248652935 CEST	49832	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:05.248766899 CEST	443	49832	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:05.248846054 CEST	49832	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:05.249020100 CEST	49832	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:05.249058008 CEST	443	49832	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:05.857795954 CEST	443	49831	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:05.858056068 CEST	49831	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:05.858124018 CEST	443	49831	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:05.858604908 CEST	443	49831	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:05.858865976 CEST	49831	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:05.858958960 CEST	443	49831	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:05.859006882 CEST	49831	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:05.871083975 CEST	443	49830	142.250.186.68	192.168.2.4
Jul 11, 2024 19:40:05.871329069 CEST	49830	443	192.168.2.4	142.250.186.68
Jul 11, 2024 19:40:05.871371031 CEST	443	49830	142.250.186.68	192.168.2.4
Jul 11, 2024 19:40:05.871839046 CEST	443	49830	142.250.186.68	192.168.2.4
Jul 11, 2024 19:40:05.872127056 CEST	49830	443	192.168.2.4	142.250.186.68
Jul 11, 2024 19:40:05.872214079 CEST	443	49830	142.250.186.68	192.168.2.4
Jul 11, 2024 19:40:05.872243881 CEST	49830	443	192.168.2.4	142.250.186.68
Jul 11, 2024 19:40:05.900504112 CEST	443	49831	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:05.912529945 CEST	443	49830	142.250.186.68	192.168.2.4
Jul 11, 2024 19:40:05.941159010 CEST	443	49832	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:05.941386938 CEST	49832	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:05.941415071 CEST	443	49832	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:05.942960978 CEST	443	49832	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:05.943027973 CEST	49832	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:05.943319082 CEST	49832	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:05.943401098 CEST	443	49832	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:05.943460941 CEST	49832	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:05.943495989 CEST	443	49832	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:05.953250885 CEST	49831	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:06.076517105 CEST	443	49830	142.250.186.68	192.168.2.4
Jul 11, 2024 19:40:06.077311993 CEST	49830	443	192.168.2.4	142.250.186.68
Jul 11, 2024 19:40:06.079036951 CEST	49832	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:06.079102993 CEST	443	49832	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:06.168551922 CEST	443	49831	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:06.169226885 CEST	443	49831	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:06.169347048 CEST	49831	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:06.170305967 CEST	49831	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:06.170348883 CEST	443	49831	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:06.175419092 CEST	443	49830	142.250.186.68	192.168.2.4
Jul 11, 2024 19:40:06.175604105 CEST	443	49830	142.250.186.68	192.168.2.4
Jul 11, 2024 19:40:06.175708055 CEST	49830	443	192.168.2.4	142.250.186.68
Jul 11, 2024 19:40:06.177536964 CEST	443	49832	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:06.181741953 CEST	49832	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:06.193800926 CEST	49832	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:06.193816900 CEST	443	49832	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:06.194147110 CEST	49830	443	192.168.2.4	142.250.186.68
Jul 11, 2024 19:40:06.194192886 CEST	443	49830	142.250.186.68	192.168.2.4
Jul 11, 2024 19:40:06.200109005 CEST	49838	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:06.200153112 CEST	443	49838	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:06.200242996 CEST	49838	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:06.200418949 CEST	49838	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:06.200447083 CEST	443	49838	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:06.779201031 CEST	49840	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:06.779254913 CEST	443	49840	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:06.779388905 CEST	49840	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:06.781164885 CEST	49841	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:06.781225920 CEST	443	49841	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:06.781297922 CEST	49841	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:06.781517029 CEST	49840	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:06.781531096 CEST	443	49840	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:06.781676054 CEST	49841	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:06.781691074 CEST	443	49841	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:06.918207884 CEST	443	49838	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:06.918626070 CEST	49838	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:06.918684959 CEST	443	49838	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:06.919169903 CEST	443	49838	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:06.919506073 CEST	49838	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:06.919600010 CEST	443	49838	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:06.919658899 CEST	49838	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:06.960501909 CEST	443	49838	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:06.962205887 CEST	49838	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:07.232609987 CEST	443	49838	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:07.232811928 CEST	443	49838	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:07.233370066 CEST	49838	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:07.233408928 CEST	443	49838	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:07.233424902 CEST	49838	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:07.237689972 CEST	49838	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:07.439698935 CEST	443	49840	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:07.483462095 CEST	49840	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:07.488430023 CEST	443	49841	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:07.501512051 CEST	49841	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:07.501547098 CEST	443	49841	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:07.501637936 CEST	49840	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:07.501651049 CEST	443	49840	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:07.502477884 CEST	443	49840	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:07.502522945 CEST	443	49841	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:07.502599955 CEST	49841	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:07.502933979 CEST	49840	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:07.503029108 CEST	443	49840	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:07.503195047 CEST	49841	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:07.503259897 CEST	443	49841	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:07.503370047 CEST	49840	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:07.503401041 CEST	443	49840	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:07.503458023 CEST	49841	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:07.503474951 CEST	443	49841	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:07.553035021 CEST	49841	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:07.735150099 CEST	443	49840	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:07.736268997 CEST	443	49840	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:07.736341000 CEST	49840	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:07.744124889 CEST	49840	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:07.744144917 CEST	443	49840	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:07.758601904 CEST	49843	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:07.758646011 CEST	443	49843	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:07.759010077 CEST	49843	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:07.759172916 CEST	49843	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:07.759186029 CEST	443	49843	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:07.766330957 CEST	49844	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:07.766366959 CEST	443	49844	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:07.766427040 CEST	49844	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:07.766614914 CEST	49844	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:07.766625881 CEST	443	49844	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:07.823517084 CEST	443	49841	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:07.824366093 CEST	443	49841	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:07.824448109 CEST	49841	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:07.826427937 CEST	49841	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:07.826446056 CEST	443	49841	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:07.917022943 CEST	49845	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:07.917059898 CEST	443	49845	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:07.917157888 CEST	49845	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:07.917442083 CEST	49845	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:07.917452097 CEST	443	49845	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:08.125757933 CEST	49672	443	192.168.2.4	173.222.162.32
Jul 11, 2024 19:40:08.354986906 CEST	443	49843	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:08.355268955 CEST	49843	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:08.355284929 CEST	443	49843	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:08.356362104 CEST	443	49843	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:08.356631994 CEST	49843	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:08.356785059 CEST	49843	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:08.356790066 CEST	443	49843	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:08.356857061 CEST	443	49843	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:08.410022020 CEST	49843	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:08.411442995 CEST	443	49844	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:08.415524006 CEST	49844	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:08.415541887 CEST	443	49844	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:08.416045904 CEST	443	49844	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:08.417623043 CEST	49844	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:08.417704105 CEST	443	49844	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:08.417844057 CEST	49844	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:08.417875051 CEST	443	49844	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:08.555339098 CEST	443	49845	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:08.555600882 CEST	49845	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:08.555644035 CEST	443	49845	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:08.556148052 CEST	443	49845	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:08.556437969 CEST	49845	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:08.556539059 CEST	443	49845	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:08.556615114 CEST	49845	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:08.556646109 CEST	443	49845	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:08.580840111 CEST	443	49843	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:08.580900908 CEST	443	49843	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:08.580921888 CEST	443	49843	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:08.581011057 CEST	49843	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:08.581027985 CEST	443	49843	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:08.581069946 CEST	443	49843	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:08.581873894 CEST	49843	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:08.581882000 CEST	443	49843	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:08.581892014 CEST	49843	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:08.586850882 CEST	49846	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:08.586872101 CEST	443	49846	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:08.586932898 CEST	49846	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:08.587280989 CEST	49846	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:08.587291002 CEST	443	49846	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:08.597292900 CEST	49845	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:08.639369011 CEST	443	49844	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:08.640573978 CEST	443	49844	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:08.640667915 CEST	49844	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:08.641491890 CEST	49844	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:08.641505957 CEST	443	49844	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:08.770400047 CEST	49847	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:08.770442963 CEST	443	49847	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:08.770508051 CEST	49847	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:08.772474051 CEST	49847	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:08.772491932 CEST	443	49847	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:08.779428005 CEST	443	49845	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:08.779531956 CEST	443	49845	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:08.779681921 CEST	49845	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:08.787802935 CEST	49845	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:08.787838936 CEST	443	49845	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:08.788609028 CEST	49848	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:08.788625002 CEST	443	49848	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:08.788691998 CEST	49848	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:08.789088011 CEST	49848	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:08.789102077 CEST	443	49848	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:09.041660070 CEST	443	49753	173.222.162.32	192.168.2.4
Jul 11, 2024 19:40:09.041732073 CEST	49753	443	192.168.2.4	173.222.162.32
Jul 11, 2024 19:40:09.215776920 CEST	443	49846	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:09.216192961 CEST	49846	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:09.216214895 CEST	443	49846	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:09.217348099 CEST	443	49846	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:09.217618942 CEST	49846	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:09.217740059 CEST	49846	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:09.217744112 CEST	443	49846	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:09.217784882 CEST	443	49846	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:09.267088890 CEST	49846	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:09.274800062 CEST	443	49781	142.250.186.164	192.168.2.4
Jul 11, 2024 19:40:09.274966955 CEST	443	49781	142.250.186.164	192.168.2.4
Jul 11, 2024 19:40:09.275307894 CEST	49781	443	192.168.2.4	142.250.186.164
Jul 11, 2024 19:40:09.451649904 CEST	443	49846	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:09.451705933 CEST	443	49846	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:09.451814890 CEST	49846	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:09.451831102 CEST	443	49846	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:09.453196049 CEST	49846	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:09.453394890 CEST	49846	443	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:09.453416109 CEST	443	49846	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:09.456741095 CEST	49781	443	192.168.2.4	142.250.186.164
Jul 11, 2024 19:40:09.456819057 CEST	443	49781	142.250.186.164	192.168.2.4
Jul 11, 2024 19:40:09.492327929 CEST	443	49847	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:09.494091034 CEST	49847	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:09.494115114 CEST	443	49847	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:09.494594097 CEST	443	49847	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:09.496928930 CEST	443	49848	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:09.497256994 CEST	49847	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:09.497358084 CEST	443	49847	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:09.497375965 CEST	49848	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:09.497386932 CEST	443	49848	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:09.497579098 CEST	49847	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:09.497606039 CEST	443	49847	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:09.497931004 CEST	443	49848	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:09.498203039 CEST	49848	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:09.498292923 CEST	443	49848	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:09.498534918 CEST	49848	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:09.498569965 CEST	443	49848	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:09.752324104 CEST	443	49847	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:09.754549026 CEST	443	49847	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:09.757639885 CEST	49847	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:09.831006050 CEST	49847	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:09.831041098 CEST	443	49847	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:09.845799923 CEST	443	49848	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:09.846052885 CEST	443	49848	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:09.846122980 CEST	49848	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:09.846946001 CEST	49848	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:09.846961021 CEST	443	49848	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:09.850956917 CEST	49852	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:09.850996971 CEST	443	49852	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:09.851070881 CEST	49852	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:09.851407051 CEST	49852	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:09.851422071 CEST	443	49852	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:09.853890896 CEST	49853	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:09.853924036 CEST	443	49853	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:09.854072094 CEST	49853	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:09.854253054 CEST	49853	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:09.854271889 CEST	443	49853	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:10.150840998 CEST	49856	443	192.168.2.4	142.250.186.68
Jul 11, 2024 19:40:10.150872946 CEST	443	49856	142.250.186.68	192.168.2.4
Jul 11, 2024 19:40:10.151053905 CEST	49856	443	192.168.2.4	142.250.186.68
Jul 11, 2024 19:40:10.151334047 CEST	49856	443	192.168.2.4	142.250.186.68
Jul 11, 2024 19:40:10.151351929 CEST	443	49856	142.250.186.68	192.168.2.4
Jul 11, 2024 19:40:10.521321058 CEST	443	49853	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:10.522378922 CEST	49853	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:10.522416115 CEST	443	49853	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:10.522878885 CEST	443	49853	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:10.523183107 CEST	49853	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:10.523263931 CEST	443	49853	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:10.523384094 CEST	49853	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:10.523415089 CEST	443	49853	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:10.541565895 CEST	443	49852	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:10.543996096 CEST	49852	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:10.544008017 CEST	443	49852	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:10.544496059 CEST	443	49852	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:10.544948101 CEST	49852	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:10.544948101 CEST	49852	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:10.544980049 CEST	443	49852	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:10.545037985 CEST	443	49852	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:10.594716072 CEST	49852	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:10.752453089 CEST	443	49853	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:10.753123045 CEST	49853	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:10.753191948 CEST	443	49853	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:10.753271103 CEST	443	49853	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:10.753340006 CEST	49853	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:10.753412008 CEST	49853	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:10.780289888 CEST	443	49852	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:10.780630112 CEST	443	49852	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:10.780684948 CEST	49852	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:10.781147957 CEST	49852	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:10.781182051 CEST	443	49852	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:10.830372095 CEST	443	49856	142.250.186.68	192.168.2.4
Jul 11, 2024 19:40:10.830604076 CEST	49856	443	192.168.2.4	142.250.186.68
Jul 11, 2024 19:40:10.830625057 CEST	443	49856	142.250.186.68	192.168.2.4
Jul 11, 2024 19:40:10.830944061 CEST	443	49856	142.250.186.68	192.168.2.4
Jul 11, 2024 19:40:10.831332922 CEST	49856	443	192.168.2.4	142.250.186.68
Jul 11, 2024 19:40:10.831334114 CEST	49856	443	192.168.2.4	142.250.186.68
Jul 11, 2024 19:40:10.831355095 CEST	443	49856	142.250.186.68	192.168.2.4
Jul 11, 2024 19:40:10.831402063 CEST	443	49856	142.250.186.68	192.168.2.4
Jul 11, 2024 19:40:10.875988960 CEST	49856	443	192.168.2.4	142.250.186.68
Jul 11, 2024 19:40:11.143405914 CEST	443	49856	142.250.186.68	192.168.2.4
Jul 11, 2024 19:40:11.143562078 CEST	443	49856	142.250.186.68	192.168.2.4
Jul 11, 2024 19:40:11.145515919 CEST	49856	443	192.168.2.4	142.250.186.68
Jul 11, 2024 19:40:11.150401115 CEST	49856	443	192.168.2.4	142.250.186.68
Jul 11, 2024 19:40:11.150465012 CEST	443	49856	142.250.186.68	192.168.2.4
Jul 11, 2024 19:40:12.824774981 CEST	49861	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:12.824805021 CEST	443	49861	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:12.824919939 CEST	49861	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:12.825198889 CEST	49862	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:12.825206995 CEST	443	49862	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:12.825259924 CEST	49862	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:12.825417995 CEST	49861	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:12.825438023 CEST	443	49861	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:12.825558901 CEST	49862	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:12.825571060 CEST	443	49862	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:13.463720083 CEST	443	49861	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:13.464428902 CEST	49861	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:13.464438915 CEST	443	49861	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:13.464745045 CEST	443	49861	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:13.465699911 CEST	49861	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:13.465780973 CEST	443	49861	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:13.466348886 CEST	49861	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:13.466387033 CEST	443	49861	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:13.479980946 CEST	443	49862	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:13.480221033 CEST	49862	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:13.480238914 CEST	443	49862	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:13.481432915 CEST	443	49862	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:13.481744051 CEST	49862	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:13.481823921 CEST	443	49862	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:13.481858969 CEST	49862	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:13.481884956 CEST	443	49862	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:13.532495975 CEST	49862	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:13.778189898 CEST	443	49861	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:13.779594898 CEST	443	49861	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:13.779736042 CEST	49861	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:13.800312042 CEST	49861	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:13.800337076 CEST	443	49861	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:13.806782007 CEST	49866	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:13.806814909 CEST	443	49866	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:13.806898117 CEST	49866	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:13.807058096 CEST	443	49862	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:13.807132959 CEST	49866	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:13.807147980 CEST	443	49866	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:13.807735920 CEST	443	49862	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:13.807766914 CEST	49862	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:13.807781935 CEST	443	49862	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:13.807791948 CEST	49862	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:13.807842016 CEST	49862	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:13.818938017 CEST	49867	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:13.818991899 CEST	443	49867	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:13.819056988 CEST	49867	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:13.819325924 CEST	49867	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:13.819339991 CEST	443	49867	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:16.090293884 CEST	443	49867	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:16.090823889 CEST	49867	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:16.090861082 CEST	443	49867	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:16.091311932 CEST	443	49867	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:16.091712952 CEST	49867	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:16.091784000 CEST	443	49867	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:16.091892004 CEST	49867	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:16.091918945 CEST	443	49867	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:16.092747927 CEST	443	49866	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:16.094010115 CEST	49866	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:16.094027042 CEST	443	49866	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:16.094497919 CEST	443	49866	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:16.095029116 CEST	49866	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:16.095029116 CEST	49866	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:16.095060110 CEST	443	49866	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:16.095119953 CEST	443	49866	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:16.143105984 CEST	49866	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:16.359783888 CEST	443	49867	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:16.359858036 CEST	443	49866	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:16.359957933 CEST	443	49866	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:16.360021114 CEST	49866	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:16.360646963 CEST	49867	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:16.360703945 CEST	443	49867	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:16.360758066 CEST	49867	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:16.361107111 CEST	49866	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:16.361133099 CEST	443	49866	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:18.775281906 CEST	49868	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:18.775317907 CEST	443	49868	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:18.775394917 CEST	49868	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:18.775680065 CEST	49868	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:18.775700092 CEST	443	49868	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:18.791532993 CEST	49869	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:18.791579008 CEST	443	49869	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:18.791646957 CEST	49869	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:18.792133093 CEST	49869	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:18.792150974 CEST	443	49869	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:19.448122025 CEST	443	49868	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:19.448545933 CEST	49868	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:19.448575020 CEST	443	49868	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:19.449692011 CEST	443	49868	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:19.450000048 CEST	49868	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:19.450174093 CEST	443	49868	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:19.450177908 CEST	49868	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:19.450284004 CEST	443	49868	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:19.496531010 CEST	443	49869	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:19.496838093 CEST	49869	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:19.496867895 CEST	443	49869	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:19.497992992 CEST	443	49869	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:19.498291016 CEST	49869	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:19.498424053 CEST	49869	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:19.498473883 CEST	443	49869	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:19.501718044 CEST	49868	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:19.548590899 CEST	49869	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:19.681569099 CEST	443	49868	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:19.682122946 CEST	443	49868	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:19.682202101 CEST	49868	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:19.682818890 CEST	49868	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:19.682841063 CEST	443	49868	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:19.686445951 CEST	49870	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:19.686492920 CEST	443	49870	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:19.686650991 CEST	49870	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:19.686870098 CEST	49870	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:19.686886072 CEST	443	49870	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:19.829070091 CEST	443	49869	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:19.829771996 CEST	443	49869	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:19.829813957 CEST	49869	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:19.829844952 CEST	443	49869	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:19.829862118 CEST	49869	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:19.829922915 CEST	49869	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:19.833292961 CEST	49871	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:19.833333015 CEST	443	49871	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:19.833401918 CEST	49871	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:19.833651066 CEST	49871	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:19.833671093 CEST	443	49871	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:20.344855070 CEST	443	49870	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:20.345105886 CEST	49870	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:20.345132113 CEST	443	49870	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:20.345438004 CEST	443	49870	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:20.345724106 CEST	49870	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:20.345781088 CEST	443	49870	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:20.345953941 CEST	49870	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:20.345977068 CEST	443	49870	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:20.548341036 CEST	443	49871	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:20.548870087 CEST	49871	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:20.548912048 CEST	443	49871	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:20.549870968 CEST	443	49871	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:20.549938917 CEST	49871	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:20.550400019 CEST	49871	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:20.550456047 CEST	443	49871	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:20.550707102 CEST	49871	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:20.550718069 CEST	443	49871	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:20.575922966 CEST	443	49870	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:20.576605082 CEST	49870	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:20.576710939 CEST	443	49870	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:20.576785088 CEST	49870	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:20.595443010 CEST	49871	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:20.905791998 CEST	443	49871	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:20.906832933 CEST	49871	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:20.906846046 CEST	443	49871	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:20.906862974 CEST	443	49871	172.217.18.2	192.168.2.4
Jul 11, 2024 19:40:20.906924009 CEST	49871	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:20.906975031 CEST	49871	443	192.168.2.4	172.217.18.2
Jul 11, 2024 19:40:43.476082087 CEST	49778	80	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:43.481363058 CEST	80	49778	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:44.985734940 CEST	49789	443	192.168.2.4	142.250.186.66
Jul 11, 2024 19:40:44.985775948 CEST	443	49789	142.250.186.66	192.168.2.4
Jul 11, 2024 19:40:56.055967093 CEST	50045	53	192.168.2.4	1.1.1.1
Jul 11, 2024 19:40:56.060844898 CEST	53	50045	1.1.1.1	192.168.2.4
Jul 11, 2024 19:40:56.060935974 CEST	50045	53	192.168.2.4	1.1.1.1
Jul 11, 2024 19:40:56.060960054 CEST	50045	53	192.168.2.4	1.1.1.1
Jul 11, 2024 19:40:56.065934896 CEST	53	50045	1.1.1.1	192.168.2.4
Jul 11, 2024 19:40:56.540294886 CEST	53	50045	1.1.1.1	192.168.2.4
Jul 11, 2024 19:40:56.541853905 CEST	50045	53	192.168.2.4	1.1.1.1
Jul 11, 2024 19:40:56.547888041 CEST	53	50045	1.1.1.1	192.168.2.4
Jul 11, 2024 19:40:56.547995090 CEST	50045	53	192.168.2.4	1.1.1.1
Jul 11, 2024 19:40:58.737071037 CEST	49778	80	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:58.737631083 CEST	50047	443	192.168.2.4	142.250.186.164
Jul 11, 2024 19:40:58.737658978 CEST	443	50047	142.250.186.164	192.168.2.4
Jul 11, 2024 19:40:58.738094091 CEST	50047	443	192.168.2.4	142.250.186.164
Jul 11, 2024 19:40:58.738261938 CEST	50047	443	192.168.2.4	142.250.186.164
Jul 11, 2024 19:40:58.738276005 CEST	443	50047	142.250.186.164	192.168.2.4
Jul 11, 2024 19:40:58.743014097 CEST	80	49778	46.21.150.242	192.168.2.4
Jul 11, 2024 19:40:58.743082047 CEST	49778	80	192.168.2.4	46.21.150.242
Jul 11, 2024 19:40:59.372550964 CEST	443	50047	142.250.186.164	192.168.2.4
Jul 11, 2024 19:40:59.373455048 CEST	50047	443	192.168.2.4	142.250.186.164
Jul 11, 2024 19:40:59.373471975 CEST	443	50047	142.250.186.164	192.168.2.4
Jul 11, 2024 19:40:59.373832941 CEST	443	50047	142.250.186.164	192.168.2.4
Jul 11, 2024 19:40:59.374907970 CEST	50047	443	192.168.2.4	142.250.186.164
Jul 11, 2024 19:40:59.374979973 CEST	443	50047	142.250.186.164	192.168.2.4
Jul 11, 2024 19:40:59.422703981 CEST	50047	443	192.168.2.4	142.250.186.164
Jul 11, 2024 19:41:00.847706079 CEST	49789	443	192.168.2.4	142.250.186.66
Jul 11, 2024 19:41:00.847834110 CEST	443	49789	142.250.186.66	192.168.2.4
Jul 11, 2024 19:41:00.847908974 CEST	49789	443	192.168.2.4	142.250.186.66
Jul 11, 2024 19:41:09.292124987 CEST	443	50047	142.250.186.164	192.168.2.4
Jul 11, 2024 19:41:09.292273998 CEST	443	50047	142.250.186.164	192.168.2.4
Jul 11, 2024 19:41:09.292372942 CEST	50047	443	192.168.2.4	142.250.186.164

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jul 11, 2024 19:39:21.322031975 CEST	138	138	192.168.2.4	192.168.2.255
Jul 11, 2024 19:39:38.755371094 CEST	59276	53	192.168.2.4	1.1.1.1
Jul 11, 2024 19:39:38.763505936 CEST	53	59276	1.1.1.1	192.168.2.4
Jul 11, 2024 19:39:39.209182024 CEST	61840	53	192.168.2.4	1.1.1.1
Jul 11, 2024 19:39:39.217567921 CEST	53	61840	1.1.1.1	192.168.2.4
Jul 11, 2024 19:39:39.636173964 CEST	55908	53	192.168.2.4	1.1.1.1
Jul 11, 2024 19:39:39.646869898 CEST	53	55908	1.1.1.1	192.168.2.4
Jul 11, 2024 19:39:40.946464062 CEST	65056	53	192.168.2.4	1.1.1.1
Jul 11, 2024 19:39:40.958431959 CEST	53	65056	1.1.1.1	192.168.2.4
Jul 11, 2024 19:39:52.570440054 CEST	55700	53	192.168.2.4	1.1.1.1
Jul 11, 2024 19:39:52.871979952 CEST	53	55700	1.1.1.1	192.168.2.4
Jul 11, 2024 19:39:54.301858902 CEST	64317	53	192.168.2.4	1.1.1.1
Jul 11, 2024 19:39:54.302079916 CEST	57834	53	192.168.2.4	1.1.1.1
Jul 11, 2024 19:39:54.331283092 CEST	53	59685	1.1.1.1	192.168.2.4
Jul 11, 2024 19:39:54.410180092 CEST	53	56326	1.1.1.1	192.168.2.4
Jul 11, 2024 19:39:54.465105057 CEST	53	57834	1.1.1.1	192.168.2.4
Jul 11, 2024 19:39:54.615771055 CEST	53	64317	1.1.1.1	192.168.2.4
Jul 11, 2024 19:39:55.424097061 CEST	59997	53	192.168.2.4	1.1.1.1
Jul 11, 2024 19:39:55.424413919 CEST	54070	53	192.168.2.4	1.1.1.1
Jul 11, 2024 19:39:55.726789951 CEST	53	54070	1.1.1.1	192.168.2.4
Jul 11, 2024 19:39:55.751225948 CEST	53	59997	1.1.1.1	192.168.2.4
Jul 11, 2024 19:39:55.827361107 CEST	53	59895	1.1.1.1	192.168.2.4
Jul 11, 2024 19:39:56.712572098 CEST	53	60292	1.1.1.1	192.168.2.4
Jul 11, 2024 19:39:57.569231033 CEST	59128	53	192.168.2.4	1.1.1.1
Jul 11, 2024 19:39:57.569308043 CEST	50112	53	192.168.2.4	1.1.1.1
Jul 11, 2024 19:39:57.783112049 CEST	53	50112	1.1.1.1	192.168.2.4
Jul 11, 2024 19:39:57.957367897 CEST	53	59128	1.1.1.1	192.168.2.4
Jul 11, 2024 19:39:58.207490921 CEST	53	65184	1.1.1.1	192.168.2.4
Jul 11, 2024 19:39:58.675228119 CEST	49851	53	192.168.2.4	1.1.1.1
Jul 11, 2024 19:39:58.675376892 CEST	58614	53	192.168.2.4	1.1.1.1
Jul 11, 2024 19:39:58.686629057 CEST	53	58614	1.1.1.1	192.168.2.4
Jul 11, 2024 19:39:58.689960957 CEST	53	49851	1.1.1.1	192.168.2.4
Jul 11, 2024 19:39:59.211445093 CEST	52688	53	192.168.2.4	1.1.1.1
Jul 11, 2024 19:39:59.211597919 CEST	58105	53	192.168.2.4	1.1.1.1
Jul 11, 2024 19:39:59.218830109 CEST	53	58105	1.1.1.1	192.168.2.4
Jul 11, 2024 19:39:59.218879938 CEST	53	52688	1.1.1.1	192.168.2.4
Jul 11, 2024 19:40:00.507333040 CEST	53	58808	1.1.1.1	192.168.2.4
Jul 11, 2024 19:40:01.121942043 CEST	61899	53	192.168.2.4	1.1.1.1
Jul 11, 2024 19:40:01.122256994 CEST	52909	53	192.168.2.4	1.1.1.1
Jul 11, 2024 19:40:01.129183054 CEST	53	61899	1.1.1.1	192.168.2.4
Jul 11, 2024 19:40:01.131364107 CEST	53	52909	1.1.1.1	192.168.2.4
Jul 11, 2024 19:40:03.146953106 CEST	53	52925	1.1.1.1	192.168.2.4
Jul 11, 2024 19:40:04.063107014 CEST	62314	53	192.168.2.4	1.1.1.1
Jul 11, 2024 19:40:04.063400984 CEST	51330	53	192.168.2.4	1.1.1.1
Jul 11, 2024 19:40:04.069839954 CEST	53	62314	1.1.1.1	192.168.2.4
Jul 11, 2024 19:40:04.070964098 CEST	53	51330	1.1.1.1	192.168.2.4
Jul 11, 2024 19:40:04.387708902 CEST	53	57008	1.1.1.1	192.168.2.4
Jul 11, 2024 19:40:05.239844084 CEST	58963	53	192.168.2.4	1.1.1.1
Jul 11, 2024 19:40:05.239983082 CEST	49927	53	192.168.2.4	1.1.1.1
Jul 11, 2024 19:40:05.247673035 CEST	53	49927	1.1.1.1	192.168.2.4
Jul 11, 2024 19:40:05.248284101 CEST	53	58963	1.1.1.1	192.168.2.4
Jul 11, 2024 19:40:08.911686897 CEST	53	49278	1.1.1.1	192.168.2.4
Jul 11, 2024 19:40:10.939559937 CEST	63213	53	192.168.2.4	1.1.1.1
Jul 11, 2024 19:40:11.240643024 CEST	53	63213	1.1.1.1	192.168.2.4
Jul 11, 2024 19:40:12.817905903 CEST	53	54623	1.1.1.1	192.168.2.4
Jul 11, 2024 19:40:27.895237923 CEST	54189	53	192.168.2.4	1.1.1.1
Jul 11, 2024 19:40:28.343956947 CEST	53	54189	1.1.1.1	192.168.2.4
Jul 11, 2024 19:40:31.857009888 CEST	53	59319	1.1.1.1	192.168.2.4
Jul 11, 2024 19:40:46.924196959 CEST	51660	53	192.168.2.4	1.1.1.1
Jul 11, 2024 19:40:47.080729008 CEST	53	51660	1.1.1.1	192.168.2.4
Jul 11, 2024 19:40:53.967514992 CEST	53	54818	1.1.1.1	192.168.2.4
Jul 11, 2024 19:40:54.743822098 CEST	53	53470	1.1.1.1	192.168.2.4
Jul 11, 2024 19:40:56.055507898 CEST	53	50392	1.1.1.1	192.168.2.4
Jul 11, 2024 19:41:09.799529076 CEST	52347	53	192.168.2.4	1.1.1.1
Jul 11, 2024 19:41:10.814558029 CEST	52347	53	192.168.2.4	1.1.1.1

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jul 11, 2024 19:39:38.755371094 CEST	192.168.2.4	1.1.1.1	0x6519	Standard query (0)	flow.lavasoft.com	A (IP address)	IN (0x0001)	false
Jul 11, 2024 19:39:39.209182024 CEST	192.168.2.4	1.1.1.1	0x8c3d	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Jul 11, 2024 19:39:39.636173964 CEST	192.168.2.4	1.1.1.1	0x15e6	Standard query (0)	flow.lavasoft.com	A (IP address)	IN (0x0001)	false
Jul 11, 2024 19:39:40.946464062 CEST	192.168.2.4	1.1.1.1	0xed8a	Standard query (0)	sos.adaware.com	A (IP address)	IN (0x0001)	false
Jul 11, 2024 19:39:52.570440054 CEST	192.168.2.4	1.1.1.1	0xfac	Standard query (0)	www.burnaware.com	A (IP address)	IN (0x0001)	false
Jul 11, 2024 19:39:54.301858902 CEST	192.168.2.4	1.1.1.1	0xe4c3	Standard query (0)	www.burnaware.com	A (IP address)	IN (0x0001)	false
Jul 11, 2024 19:39:54.302079916 CEST	192.168.2.4	1.1.1.1	0x8ecf	Standard query (0)	www.burnaware.com	65	IN (0x0001)	false
Jul 11, 2024 19:39:55.424097061 CEST	192.168.2.4	1.1.1.1	0xc593	Standard query (0)	www.burnaware.com	A (IP address)	IN (0x0001)	false
Jul 11, 2024 19:39:55.424413919 CEST	192.168.2.4	1.1.1.1	0x2eb0	Standard query (0)	www.burnaware.com	65	IN (0x0001)	false
Jul 11, 2024 19:39:57.569231033 CEST	192.168.2.4	1.1.1.1	0x4ee6	Standard query (0)	www.burnaware.com	A (IP address)	IN (0x0001)	false
Jul 11, 2024 19:39:57.569308043 CEST	192.168.2.4	1.1.1.1	0x6bd3	Standard query (0)	www.burnaware.com	65	IN (0x0001)	false
Jul 11, 2024 19:39:58.675228119 CEST	192.168.2.4	1.1.1.1	0x2c6e	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Jul 11, 2024 19:39:58.675376892 CEST	192.168.2.4	1.1.1.1	0x300b	Standard query (0)	www.google.com	65	IN (0x0001)	false
Jul 11, 2024 19:39:59.211445093 CEST	192.168.2.4	1.1.1.1	0x7a2b	Standard query (0)	googleads.g.doubleclick.net	A (IP address)	IN (0x0001)	false
Jul 11, 2024 19:39:59.211597919 CEST	192.168.2.4	1.1.1.1	0x9502	Standard query (0)	googleads.g.doubleclick.net	65	IN (0x0001)	false
Jul 11, 2024 19:40:01.121942043 CEST	192.168.2.4	1.1.1.1	0xb720	Standard query (0)	googleads.g.doubleclick.net	A (IP address)	IN (0x0001)	false
Jul 11, 2024 19:40:01.122256994 CEST	192.168.2.4	1.1.1.1	0x1dca	Standard query (0)	googleads.g.doubleclick.net	65	IN (0x0001)	false
Jul 11, 2024 19:40:04.063107014 CEST	192.168.2.4	1.1.1.1	0x92f3	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Jul 11, 2024 19:40:04.063400984 CEST	192.168.2.4	1.1.1.1	0x8128	Standard query (0)	www.google.com	65	IN (0x0001)	false
Jul 11, 2024 19:40:05.239844084 CEST	192.168.2.4	1.1.1.1	0xe17d	Standard query (0)	googleads.g.doubleclick.net	A (IP address)	IN (0x0001)	false
Jul 11, 2024 19:40:05.239983082 CEST	192.168.2.4	1.1.1.1	0x41de	Standard query (0)	googleads.g.doubleclick.net	65	IN (0x0001)	false
Jul 11, 2024 19:40:10.939559937 CEST	192.168.2.4	1.1.1.1	0x3082	Standard query (0)	www.burnaware.com	A (IP address)	IN (0x0001)	false
Jul 11, 2024 19:40:27.895237923 CEST	192.168.2.4	1.1.1.1	0x2597	Standard query (0)	www.burnaware.com	A (IP address)	IN (0x0001)	false
Jul 11, 2024 19:40:46.924196959 CEST	192.168.2.4	1.1.1.1	0x4120	Standard query (0)	www.burnaware.com	A (IP address)	IN (0x0001)	false
Jul 11, 2024 19:41:09.799529076 CEST	192.168.2.4	1.1.1.1	0xdb87	Standard query (0)	www.burnaware.com	A (IP address)	IN (0x0001)	false
Jul 11, 2024 19:41:10.814558029 CEST	192.168.2.4	1.1.1.1	0xdb87	Standard query (0)	www.burnaware.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Jul 11, 2024 19:39:38.763505936 CEST	1.1.1.1	192.168.2.4	0x6519	No error (0)	flow.lavasoft.com	104.16.148.130	A (IP address)	IN (0x0001)	false
Jul 11, 2024 19:39:38.763505936 CEST	1.1.1.1	192.168.2.4	0x6519	No error (0)	flow.lavasoft.com	104.16.149.130	A (IP address)	IN (0x0001)	false
Jul 11, 2024 19:39:39.217567921 CEST	1.1.1.1	192.168.2.4	0x8c3d	No error (0)	www.google.com	142.250.185.132	A (IP address)	IN (0x0001)	false
Jul 11, 2024 19:39:39.646869898 CEST	1.1.1.1	192.168.2.4	0x15e6	No error (0)	flow.lavasoft.com	104.16.148.130	A (IP address)	IN (0x0001)	false
Jul 11, 2024 19:39:39.646869898 CEST	1.1.1.1	192.168.2.4	0x15e6	No error (0)	flow.lavasoft.com	104.16.149.130	A (IP address)	IN (0x0001)	false
Jul 11, 2024 19:39:40.958431959 CEST	1.1.1.1	192.168.2.4	0xed8a	No error (0)	sos.adaware.com	104.16.212.94	A (IP address)	IN (0x0001)	false
Jul 11, 2024 19:39:40.958431959 CEST	1.1.1.1	192.168.2.4	0xed8a	No error (0)	sos.adaware.com	104.16.213.94	A (IP address)	IN (0x0001)	false
Jul 11, 2024 19:39:52.871979952 CEST	1.1.1.1	192.168.2.4	0xfac	No error (0)	www.burnaware.com	46.21.150.242	A (IP address)	IN (0x0001)	false
Jul 11, 2024 19:39:54.615771055 CEST	1.1.1.1	192.168.2.4	0xe4c3	No error (0)	www.burnaware.com	46.21.150.242	A (IP address)	IN (0x0001)	false
Jul 11, 2024 19:39:55.751225948 CEST	1.1.1.1	192.168.2.4	0xc593	No error (0)	www.burnaware.com	46.21.150.242	A (IP address)	IN (0x0001)	false
Jul 11, 2024 19:39:57.957367897 CEST	1.1.1.1	192.168.2.4	0x4ee6	No error (0)	www.burnaware.com	46.21.150.242	A (IP address)	IN (0x0001)	false
Jul 11, 2024 19:39:58.686629057 CEST	1.1.1.1	192.168.2.4	0x300b	No error (0)	www.google.com		65	IN (0x0001)	false
Jul 11, 2024 19:39:58.689960957 CEST	1.1.1.1	192.168.2.4	0x2c6e	No error (0)	www.google.com	142.250.186.164	A (IP address)	IN (0x0001)	false
Jul 11, 2024 19:39:59.218830109 CEST	1.1.1.1	192.168.2.4	0x9502	No error (0)	googleads.g.doubleclick.net		65	IN (0x0001)	false
Jul 11, 2024 19:39:59.218879938 CEST	1.1.1.1	192.168.2.4	0x7a2b	No error (0)	googleads.g.doubleclick.net	142.250.186.66	A (IP address)	IN (0x0001)	false
Jul 11, 2024 19:40:01.129183054 CEST	1.1.1.1	192.168.2.4	0xb720	No error (0)	googleads.g.doubleclick.net	172.217.18.2	A (IP address)	IN (0x0001)	false
Jul 11, 2024 19:40:01.131364107 CEST	1.1.1.1	192.168.2.4	0x1dca	No error (0)	googleads.g.doubleclick.net		65	IN (0x0001)	false
Jul 11, 2024 19:40:04.069839954 CEST	1.1.1.1	192.168.2.4	0x92f3	No error (0)	www.google.com	142.250.186.68	A (IP address)	IN (0x0001)	false
Jul 11, 2024 19:40:04.070964098 CEST	1.1.1.1	192.168.2.4	0x8128	No error (0)	www.google.com		65	IN (0x0001)	false
Jul 11, 2024 19:40:05.247673035 CEST	1.1.1.1	192.168.2.4	0x41de	No error (0)	googleads.g.doubleclick.net		65	IN (0x0001)	false
Jul 11, 2024 19:40:05.248284101 CEST	1.1.1.1	192.168.2.4	0xe17d	No error (0)	googleads.g.doubleclick.net	172.217.18.2	A (IP address)	IN (0x0001)	false
Jul 11, 2024 19:40:11.240643024 CEST	1.1.1.1	192.168.2.4	0x3082	No error (0)	www.burnaware.com	46.21.150.242	A (IP address)	IN (0x0001)	false
Jul 11, 2024 19:40:28.343956947 CEST	1.1.1.1	192.168.2.4	0x2597	No error (0)	www.burnaware.com	46.21.150.242	A (IP address)	IN (0x0001)	false
Jul 11, 2024 19:40:47.080729008 CEST	1.1.1.1	192.168.2.4	0x4120	No error (0)	www.burnaware.com	46.21.150.242	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

slscr.update.microsoft.com

flow.lavasoft.com

sos.adaware.com

fs.microsoft.com

www.burnaware.com

https:

googleads.g.doubleclick.net

www.google.com

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49740	104.16.148.130	80	1228	C:\Users\user\AppData\Local\Temp\7zSC67062FB\installer.exe

Timestamp	Bytes transferred	Direction	Data
Jul 11, 2024 19:39:38.782654047 CEST	455	OUT	POST /v1/event-stat?ProductID=IS&Type=StubStart HTTP/1.1 Host: flow.lavasoft.com Accept: application/json Content-Type: application/json charsets: utf-8 Content-Length: 274 Data Raw: 7b 22 44 61 74 61 22 3a 7b 22 42 75 6e 64 6c 65 49 64 22 3a 22 42 41 30 30 32 22 2c 22 4d 61 63 68 69 6e 65 49 64 22 3a 22 33 61 61 32 33 36 63 33 2d 30 64 31 63 2d 66 31 37 37 2d 34 39 32 30 2d 31 63 32 62 65 32 35 38 31 66 30 62 22 2c 22 49 6e 73 74 61 6c 6c 49 64 22 3a 22 34 62 62 34 31 65 38 64 2d 37 64 30 63 2d 34 32 63 31 2d 61 30 39 64 2d 37 34 62 32 34 38 39 37 65 64 61 38 22 2c 22 4f 73 56 65 72 73 69 6f 6e 22 3a 22 4d 69 63 72 6f 73 6f 66 74 20 57 69 6e 64 6f 77 73 20 31 30 20 20 28 62 75 69 6c 64 20 31 39 30 34 35 29 2c 20 36 34 2d 62 69 74 22 2c 22 44 6f 74 4e 65 74 46 72 61 6d 65 77 6f 72 6b 22 3a 22 33 2e 35 2c 20 34 2e 30 20 43 6c 69 65 6e 74 2c 20 34 2e 30 20 46 75 6c 6c 2c 20 34 2e 35 2c 20 34 2e 35 2e 31 2c 20 34 2e 35 2e 32 2c 20 34 2e 36 2c 20 34 2e 36 2e 31 2c 20 34 2e 36 2e 32 22 7d 7d 0a Data Ascii: {"Data":{"BundleId":"BA002","MachineId":"3aa236c3-0d1c-f177-4920-1c2be2581f0b","InstallId":"4bb41e8d-7d0c-42c1-a09d-74b24897eda8","OsVersion":"Microsoft Windows 10 (build 19045), 64-bit","DotNetFramework":"3.5, 4.0 Client, 4.0 Full, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2"}}
Jul 11, 2024 19:39:39.291387081 CEST	524	IN	HTTP/1.1 200 OK Date: Thu, 11 Jul 2024 17:39:39 GMT Content-Type: application/json; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Access-Control-Allow-Origin Access-Control-Expose-Headers: Content-Length,Content-Range CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 8a1a92f9e8a8c338-EWR Data Raw: 31 64 0d 0a 7b 22 6d 65 73 73 61 67 65 22 3a 22 45 76 65 6e 74 20 70 65 72 73 69 73 74 65 64 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 1d{"message":"Event persisted"}0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49741	104.16.148.130	80	1228	C:\Users\user\AppData\Local\Temp\7zSC67062FB\installer.exe

Timestamp	Bytes transferred	Direction	Data
Jul 11, 2024 19:39:39.321070910 CEST	338	OUT	POST /v1/event-stat?ProductID=IS&Type=StubBundleStart HTTP/1.1 Host: flow.lavasoft.com Accept: application/json Content-Type: application/json charsets: utf-8 Content-Length: 151 Data Raw: 7b 22 44 61 74 61 22 3a 7b 22 42 75 6e 64 6c 65 49 64 22 3a 22 42 41 30 30 32 22 2c 22 4d 61 63 68 69 6e 65 49 64 22 3a 22 33 61 61 32 33 36 63 33 2d 30 64 31 63 2d 66 31 37 37 2d 34 39 32 30 2d 31 63 32 62 65 32 35 38 31 66 30 62 22 2c 22 49 6e 73 74 61 6c 6c 49 64 22 3a 22 34 62 62 34 31 65 38 64 2d 37 64 30 63 2d 34 32 63 31 2d 61 30 39 64 2d 37 34 62 32 34 38 39 37 65 64 61 38 22 2c 22 49 6e 50 72 6f 63 65 73 73 22 3a 22 74 72 75 65 22 7d 7d 0a Data Ascii: {"Data":{"BundleId":"BA002","MachineId":"3aa236c3-0d1c-f177-4920-1c2be2581f0b","InstallId":"4bb41e8d-7d0c-42c1-a09d-74b24897eda8","InProcess":"true"}}
Jul 11, 2024 19:39:39.825376987 CEST	524	IN	HTTP/1.1 200 OK Date: Thu, 11 Jul 2024 17:39:39 GMT Content-Type: application/json; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Access-Control-Allow-Origin Access-Control-Expose-Headers: Content-Length,Content-Range CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 8a1a92fd4f29189d-EWR Data Raw: 31 64 0d 0a 7b 22 6d 65 73 73 61 67 65 22 3a 22 45 76 65 6e 74 20 70 65 72 73 69 73 74 65 64 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 1d{"message":"Event persisted"}0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49754	46.21.150.242	80	1244	C:\Program Files (x86)\BurnAware Free\BurnAware.exe

Timestamp	Bytes transferred	Direction	Data
Jul 11, 2024 19:39:52.895369053 CEST	99	OUT	GET /update.ver HTTP/1.1 User-Agent: WebData Host: www.burnaware.com Cache-Control: no-cache
Jul 11, 2024 19:39:53.494949102 CEST	566	IN	HTTP/1.1 301 Moved Permanently Date: Thu, 11 Jul 2024 17:39:53 GMT Server: Apache/2 Content-Security-Policy: upgrade-insecure-requests; Location: https://www.burnaware.com/update.ver Cache-Control: max-age=0 Expires: Thu, 11 Jul 2024 17:39:53 GMT Content-Length: 244 Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 62 75 72 6e 61 77 61 72 65 2e 63 6f 6d 2f 75 70 64 61 74 65 2e 76 65 72 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://www.burnaware.com/update.ver">here</a>.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49760	46.21.150.242	80	2252	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Jul 11, 2024 19:39:54.649427891 CEST	450	OUT	GET /after-install.html HTTP/1.1 Host: www.burnaware.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Jul 11, 2024 19:39:55.260967016 CEST	638	IN	HTTP/1.1 301 Moved Permanently Date: Thu, 11 Jul 2024 17:39:55 GMT Server: Apache/2 Content-Security-Policy: upgrade-insecure-requests; Location: https://www.burnaware.com/after-install.html Cache-Control: max-age=0 Expires: Thu, 11 Jul 2024 17:39:55 GMT Content-Length: 252 Keep-Alive: timeout=2, max=100 Connection: Keep-Alive Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 62 75 72 6e 61 77 61 72 65 2e 63 6f 6d 2f 61 66 74 65 72 2d 69 6e 73 74 61 6c 6c 2e 68 74 6d 6c 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://www.burnaware.com/after-install.html">here</a>.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49759	46.21.150.242	80	2252	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Jul 11, 2024 19:39:58.479358912 CEST	432	OUT	GET / HTTP/1.1 Host: www.burnaware.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Jul 11, 2024 19:39:58.644643068 CEST	602	IN	HTTP/1.1 301 Moved Permanently Date: Thu, 11 Jul 2024 17:39:58 GMT Server: Apache/2 Content-Security-Policy: upgrade-insecure-requests; Location: https://www.burnaware.com/ Cache-Control: max-age=0 Expires: Thu, 11 Jul 2024 17:39:58 GMT Content-Length: 234 Keep-Alive: timeout=2, max=100 Connection: Keep-Alive Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 62 75 72 6e 61 77 61 72 65 2e 63 6f 6d 2f 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://www.burnaware.com/">here</a>.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49778	46.21.150.242	80	2252	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Jul 11, 2024 19:40:43.476082087 CEST	6	OUT	Data Raw: 00 Data Ascii:

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49734	40.68.123.157	443

Timestamp	Bytes transferred	Direction	Data
2024-07-11 17:39:23 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=wRTxFRwcxxg7e5C&MD=L+rnHGl2 HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-07-11 17:39:23 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 4cae81ed-c34f-4483-930a-6d94aecbe549 MS-RequestId: caa30b85-dee8-4558-9f29-aa6a99ccc36b MS-CV: kLCLLQE7ykuU7iMN.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Thu, 11 Jul 2024 17:39:23 GMT Connection: close Content-Length: 24490
2024-07-11 17:39:23 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-07-11 17:39:23 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49742	104.16.148.130	443	6368	C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-11 17:39:40 UTC	186	OUT	POST /v1/event-stat/?ProductID=IS&Type=BundleInstallStart HTTP/1.1 Content-Type: application/json;charset=utf-8 Host: flow.lavasoft.com Content-Length: 848 Connection: Keep-Alive
2024-07-11 17:39:40 UTC	1	OUT	Data Raw: 7b Data Ascii: {
2024-07-11 17:39:40 UTC	847	OUT	Data Raw: 22 44 61 74 61 22 3a 7b 22 49 6e 73 74 61 6c 6c 49 64 22 3a 22 34 62 62 34 31 65 38 64 2d 37 64 30 63 2d 34 32 63 31 2d 61 30 39 64 2d 37 34 62 32 34 38 39 37 65 64 61 38 22 2c 22 4d 61 63 68 69 6e 65 49 64 22 3a 22 33 61 61 32 33 36 63 33 2d 30 64 31 63 2d 66 31 37 37 2d 34 39 32 30 2d 31 63 32 62 65 32 35 38 31 66 30 62 22 2c 22 42 75 6e 64 6c 65 49 64 22 3a 22 42 41 30 30 32 22 2c 22 42 75 6e 64 6c 65 56 65 72 73 69 6f 6e 22 3a 22 32 2e 30 2e 30 2e 35 33 35 22 2c 22 43 61 72 72 69 65 72 49 64 22 3a 6e 75 6c 6c 2c 22 43 61 72 72 69 65 72 4e 61 6d 65 22 3a 22 42 75 72 6e 41 77 61 72 65 22 2c 22 43 61 72 72 69 65 72 53 6f 66 74 77 61 72 65 4e 61 6d 65 22 3a 22 42 75 72 6e 41 77 61 72 65 20 46 72 65 65 22 2c 22 43 61 72 72 69 65 72 53 6f 66 74 77 61 72 65 Data Ascii: "Data":{"InstallId":"4bb41e8d-7d0c-42c1-a09d-74b24897eda8","MachineId":"3aa236c3-0d1c-f177-4920-1c2be2581f0b","BundleId":"BA002","BundleVersion":"2.0.0.535","CarrierId":null,"CarrierName":"BurnAware","CarrierSoftwareName":"BurnAware Free","CarrierSoftware
2024-07-11 17:39:40 UTC	479	IN	HTTP/1.1 200 OK Date: Thu, 11 Jul 2024 17:39:40 GMT Content-Type: application/json; charset=utf-8 Transfer-Encoding: chunked Connection: close Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Access-Control-Allow-Origin Access-Control-Expose-Headers: Content-Length,Content-Range CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 8a1a9302fb708cb3-EWR
2024-07-11 17:39:40 UTC	35	IN	Data Raw: 31 64 0d 0a 7b 22 6d 65 73 73 61 67 65 22 3a 22 45 76 65 6e 74 20 70 65 72 73 69 73 74 65 64 22 7d 0d 0a Data Ascii: 1d{"message":"Event persisted"}
2024-07-11 17:39:40 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49745	104.16.212.94	443	6368	C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-11 17:39:41 UTC	163	OUT	POST /v1/bundle/list/?bundleId=BA002 HTTP/1.1 Content-Type: application/json;charset=utf-8 Host: sos.adaware.com Content-Length: 185 Connection: Keep-Alive
2024-07-11 17:39:41 UTC	1	OUT	Data Raw: 7b Data Ascii: {
2024-07-11 17:39:41 UTC	184	OUT	Data Raw: 22 4f 66 66 65 72 46 69 6c 74 65 72 4f 72 22 3a 5b 5b 7b 22 6b 65 79 22 3a 22 6c 61 6e 67 22 2c 22 73 68 6f 75 6c 64 22 3a 74 72 75 65 2c 22 62 65 49 6e 22 3a 5b 22 65 6e 22 5d 7d 2c 7b 22 6b 65 79 22 3a 22 6f 73 76 65 72 73 69 6f 6e 22 2c 22 73 68 6f 75 6c 64 22 3a 74 72 75 65 2c 22 62 65 49 6e 22 3a 5b 22 57 69 6e 64 6f 77 73 20 31 30 20 50 72 6f 22 5d 7d 2c 7b 22 6b 65 79 22 3a 22 68 6f 73 74 62 72 6f 77 73 65 72 22 2c 22 73 68 6f 75 6c 64 22 3a 74 72 75 65 2c 22 62 65 49 6e 22 3a 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 5d 7d 5d 5d 7d Data Ascii: "OfferFilterOr":[[{"key":"lang","should":true,"beIn":["en"]},{"key":"osversion","should":true,"beIn":["Windows 10 Pro"]},{"key":"hostbrowser","should":true,"beIn":["Google Chrome"]}]]}
2024-07-11 17:39:42 UTC	204	IN	HTTP/1.1 200 OK Date: Thu, 11 Jul 2024 17:39:42 GMT Content-Type: application/json Content-Length: 158 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 8a1a93089f5741a9-EWR
2024-07-11 17:39:42 UTC	158	IN	Data Raw: 7b 0a 20 20 22 6d 61 78 53 68 6f 77 6e 22 3a 20 32 2c 0a 20 20 22 6d 61 78 41 63 63 65 70 74 65 64 22 3a 20 32 2c 0a 20 20 22 6d 61 78 44 65 63 6c 69 6e 65 64 22 3a 20 30 2c 0a 20 20 22 73 6b 69 70 41 6c 6c 4f 66 66 65 72 73 22 3a 20 66 61 6c 73 65 2c 0a 20 20 22 73 68 6f 77 4f 66 66 65 72 43 6f 6e 73 65 6e 74 50 61 67 65 22 3a 20 66 61 6c 73 65 2c 0a 20 20 22 63 6f 75 6e 74 72 79 32 22 3a 20 22 55 53 22 2c 0a 20 20 22 4f 66 66 65 72 49 74 65 6d 73 22 3a 20 5b 5d 0a 7d Data Ascii: { "maxShown": 2, "maxAccepted": 2, "maxDeclined": 0, "skipAllOffers": false, "showOfferConsentPage": false, "country2": "US", "OfferItems": []}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49747	104.16.148.130	443	6368	C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-11 17:39:42 UTC	171	OUT	POST /v1/event-stat/?ProductID=IS&Type=BundleProposedOffersIsEmpty HTTP/1.1 Content-Type: application/json;charset=utf-8 Host: flow.lavasoft.com Content-Length: 233
2024-07-11 17:39:42 UTC	1	OUT	Data Raw: 7b Data Ascii: {
2024-07-11 17:39:42 UTC	232	OUT	Data Raw: 22 44 61 74 61 22 3a 7b 22 49 6e 73 74 61 6c 6c 49 64 22 3a 22 34 62 62 34 31 65 38 64 2d 37 64 30 63 2d 34 32 63 31 2d 61 30 39 64 2d 37 34 62 32 34 38 39 37 65 64 61 38 22 2c 22 4d 61 63 68 69 6e 65 49 64 22 3a 22 33 61 61 32 33 36 63 33 2d 30 64 31 63 2d 66 31 37 37 2d 34 39 32 30 2d 31 63 32 62 65 32 35 38 31 66 30 62 22 2c 22 42 75 6e 64 6c 65 49 64 22 3a 22 42 41 30 30 32 22 2c 22 42 75 6e 64 6c 65 52 65 73 70 6f 6e 73 65 44 61 74 61 22 3a 7b 22 6d 61 78 53 68 6f 77 6e 22 3a 32 2c 22 6d 61 78 41 63 63 65 70 74 65 64 22 3a 32 2c 22 63 6f 75 6e 74 72 79 32 22 3a 22 55 53 22 2c 22 4f 66 66 65 72 49 74 65 6d 73 22 3a 5b 5d 7d 2c 22 44 65 6c 74 61 4d 73 22 3a 36 35 39 36 32 38 38 7d 7d Data Ascii: "Data":{"InstallId":"4bb41e8d-7d0c-42c1-a09d-74b24897eda8","MachineId":"3aa236c3-0d1c-f177-4920-1c2be2581f0b","BundleId":"BA002","BundleResponseData":{"maxShown":2,"maxAccepted":2,"country2":"US","OfferItems":[]},"DeltaMs":6596288}}
2024-07-11 17:39:42 UTC	479	IN	HTTP/1.1 200 OK Date: Thu, 11 Jul 2024 17:39:42 GMT Content-Type: application/json; charset=utf-8 Transfer-Encoding: chunked Connection: close Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Access-Control-Allow-Origin Access-Control-Expose-Headers: Content-Length,Content-Range CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 8a1a9310adc8438d-EWR
2024-07-11 17:39:42 UTC	35	IN	Data Raw: 31 64 0d 0a 7b 22 6d 65 73 73 61 67 65 22 3a 22 45 76 65 6e 74 20 70 65 72 73 69 73 74 65 64 22 7d 0d 0a Data Ascii: 1d{"message":"Event persisted"}
2024-07-11 17:39:42 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49748	104.16.148.130	443	6368	C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-11 17:39:43 UTC	153	OUT	POST /v1/event-stat/?ProductID=IS&Type=PageShown HTTP/1.1 Content-Type: application/json;charset=utf-8 Host: flow.lavasoft.com Content-Length: 191
2024-07-11 17:39:43 UTC	1	OUT	Data Raw: 7b Data Ascii: {
2024-07-11 17:39:43 UTC	190	OUT	Data Raw: 22 44 61 74 61 22 3a 7b 22 49 6e 73 74 61 6c 6c 49 64 22 3a 22 34 62 62 34 31 65 38 64 2d 37 64 30 63 2d 34 32 63 31 2d 61 30 39 64 2d 37 34 62 32 34 38 39 37 65 64 61 38 22 2c 22 4d 61 63 68 69 6e 65 49 64 22 3a 22 33 61 61 32 33 36 63 33 2d 30 64 31 63 2d 66 31 37 37 2d 34 39 32 30 2d 31 63 32 62 65 32 35 38 31 66 30 62 22 2c 22 42 75 6e 64 6c 65 49 64 22 3a 22 42 41 30 30 32 22 2c 22 50 61 67 65 4e 61 6d 65 22 3a 22 49 6e 73 74 61 6c 6c 69 6e 67 50 61 67 65 22 2c 22 53 65 71 4e 75 6d 62 65 72 22 3a 31 2c 22 44 65 6c 74 61 4d 73 22 3a 37 31 39 35 30 33 32 7d 7d Data Ascii: "Data":{"InstallId":"4bb41e8d-7d0c-42c1-a09d-74b24897eda8","MachineId":"3aa236c3-0d1c-f177-4920-1c2be2581f0b","BundleId":"BA002","PageName":"InstallingPage","SeqNumber":1,"DeltaMs":7195032}}
2024-07-11 17:39:43 UTC	479	IN	HTTP/1.1 200 OK Date: Thu, 11 Jul 2024 17:39:43 GMT Content-Type: application/json; charset=utf-8 Transfer-Encoding: chunked Connection: close Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Access-Control-Allow-Origin Access-Control-Expose-Headers: Content-Length,Content-Range CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 8a1a9315b96b17f9-EWR
2024-07-11 17:39:43 UTC	35	IN	Data Raw: 31 64 0d 0a 7b 22 6d 65 73 73 61 67 65 22 3a 22 45 76 65 6e 74 20 70 65 72 73 69 73 74 65 64 22 7d 0d 0a Data Ascii: 1d{"message":"Event persisted"}
2024-07-11 17:39:43 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49749	104.16.148.130	443	6368	C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-11 17:39:44 UTC	166	OUT	POST /v1/event-stat/?ProductID=IS&Type=BundleInstallComplete HTTP/1.1 Content-Type: application/json;charset=utf-8 Host: flow.lavasoft.com Content-Length: 1171
2024-07-11 17:39:44 UTC	1	OUT	Data Raw: 7b Data Ascii: {
2024-07-11 17:39:44 UTC	1023	OUT	Data Raw: 22 44 61 74 61 22 3a 7b 22 49 6e 73 74 61 6c 6c 49 64 22 3a 22 34 62 62 34 31 65 38 64 2d 37 64 30 63 2d 34 32 63 31 2d 61 30 39 64 2d 37 34 62 32 34 38 39 37 65 64 61 38 22 2c 22 4d 61 63 68 69 6e 65 49 64 22 3a 22 33 61 61 32 33 36 63 33 2d 30 64 31 63 2d 66 31 37 37 2d 34 39 32 30 2d 31 63 32 62 65 32 35 38 31 66 30 62 22 2c 22 42 75 6e 64 6c 65 49 64 22 3a 22 42 41 30 30 32 22 2c 22 42 75 6e 64 6c 65 56 65 72 73 69 6f 6e 22 3a 22 32 2e 30 2e 30 2e 35 33 35 22 2c 22 43 61 72 72 69 65 72 49 64 22 3a 6e 75 6c 6c 2c 22 43 61 72 72 69 65 72 4e 61 6d 65 22 3a 22 42 75 72 6e 41 77 61 72 65 22 2c 22 43 61 72 72 69 65 72 53 6f 66 74 77 61 72 65 4e 61 6d 65 22 3a 22 42 75 72 6e 41 77 61 72 65 20 46 72 65 65 22 2c 22 43 61 72 72 69 65 72 53 6f 66 74 77 61 72 65 Data Ascii: "Data":{"InstallId":"4bb41e8d-7d0c-42c1-a09d-74b24897eda8","MachineId":"3aa236c3-0d1c-f177-4920-1c2be2581f0b","BundleId":"BA002","BundleVersion":"2.0.0.535","CarrierId":null,"CarrierName":"BurnAware","CarrierSoftwareName":"BurnAware Free","CarrierSoftware
2024-07-11 17:39:44 UTC	1	OUT	Data Raw: 72 Data Ascii: r
2024-07-11 17:39:44 UTC	146	OUT	Data Raw: 73 69 6f 6e 22 3a 22 31 30 2e 30 2e 31 39 30 34 31 2e 31 20 28 57 69 6e 42 75 69 6c 64 2e 31 36 30 31 30 31 2e 30 38 30 30 29 22 2c 22 70 43 6d 64 22 3a 22 43 3a 5c 5c 57 69 6e 64 6f 77 73 5c 5c 53 79 73 74 65 6d 33 32 5c 5c 73 76 63 68 6f 73 74 2e 65 78 65 22 2c 22 70 44 65 6c 74 61 22 3a 22 2b 22 7d 5d 2c 22 43 61 72 72 69 65 72 4f 73 42 69 74 22 3a 22 41 6e 79 43 50 55 22 2c 22 44 65 6c 74 61 4d 73 22 3a 37 31 39 35 30 34 39 7d 7d Data Ascii: sion":"10.0.19041.1 (WinBuild.160101.0800)","pCmd":"C:\\Windows\\System32\\svchost.exe","pDelta":"+"}],"CarrierOsBit":"AnyCPU","DeltaMs":7195049}}
2024-07-11 17:39:44 UTC	479	IN	HTTP/1.1 200 OK Date: Thu, 11 Jul 2024 17:39:44 GMT Content-Type: application/json; charset=utf-8 Transfer-Encoding: chunked Connection: close Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Access-Control-Allow-Origin Access-Control-Expose-Headers: Content-Length,Content-Range CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 8a1a931aaf024229-EWR
2024-07-11 17:39:44 UTC	35	IN	Data Raw: 31 64 0d 0a 7b 22 6d 65 73 73 61 67 65 22 3a 22 45 76 65 6e 74 20 70 65 72 73 69 73 74 65 64 22 7d 0d 0a Data Ascii: 1d{"message":"Event persisted"}
2024-07-11 17:39:44 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49750	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-07-11 17:39:44 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-07-11 17:39:45 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF67) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-neu-z1 Cache-Control: public, max-age=167409 Date: Thu, 11 Jul 2024 17:39:45 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49751	104.16.148.130	443	6368	C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-11 17:39:45 UTC	157	OUT	POST /v1/event-stat/?ProductID=IS&Type=ProfileDebug HTTP/1.1 Content-Type: application/json;charset=utf-8 Host: flow.lavasoft.com Content-Length: 2863
2024-07-11 17:39:45 UTC	1	OUT	Data Raw: 7b Data Ascii: {
2024-07-11 17:39:45 UTC	1023	OUT	Data Raw: 22 44 61 74 61 22 3a 7b 22 49 6e 73 74 61 6c 6c 49 64 22 3a 22 34 62 62 34 31 65 38 64 2d 37 64 30 63 2d 34 32 63 31 2d 61 30 39 64 2d 37 34 62 32 34 38 39 37 65 64 61 38 22 2c 22 4d 61 63 68 69 6e 65 49 64 22 3a 22 33 61 61 32 33 36 63 33 2d 30 64 31 63 2d 66 31 37 37 2d 34 39 32 30 2d 31 63 32 62 65 32 35 38 31 66 30 62 22 2c 22 42 75 6e 64 6c 65 49 64 22 3a 22 42 41 30 30 32 22 2c 22 44 65 6c 74 61 4d 73 22 3a 37 31 39 35 30 35 38 2c 22 49 6e 73 74 61 6c 6c 65 64 41 70 70 44 61 74 61 22 3a 5b 7b 22 44 69 73 70 6c 61 79 4e 61 6d 65 22 3a 22 37 2d 5a 69 70 20 32 33 2e 30 31 20 28 78 36 34 29 22 2c 22 44 69 73 70 6c 61 79 56 65 72 73 69 6f 6e 22 3a 22 32 33 2e 30 31 22 2c 22 49 6e 73 74 61 6c 6c 44 61 74 65 22 3a 6e 75 6c 6c 2c 22 49 6e 73 74 61 6c 6c 4c Data Ascii: "Data":{"InstallId":"4bb41e8d-7d0c-42c1-a09d-74b24897eda8","MachineId":"3aa236c3-0d1c-f177-4920-1c2be2581f0b","BundleId":"BA002","DeltaMs":7195058,"InstalledAppData":[{"DisplayName":"7-Zip 23.01 (x64)","DisplayVersion":"23.01","InstallDate":null,"InstallL
2024-07-11 17:39:45 UTC	1	OUT	Data Raw: 61 Data Ascii: a
2024-07-11 17:39:45 UTC	1838	OUT	Data Raw: 6c 6c 4c 6f 63 61 74 69 6f 6e 22 3a 22 22 7d 2c 7b 22 44 69 73 70 6c 61 79 4e 61 6d 65 22 3a 22 4f 66 66 69 63 65 20 31 36 20 43 6c 69 63 6b 2d 74 6f 2d 52 75 6e 20 45 78 74 65 6e 73 69 62 69 6c 69 74 79 20 43 6f 6d 70 6f 6e 65 6e 74 20 36 34 2d 62 69 74 20 52 65 67 69 73 74 72 61 74 69 6f 6e 22 2c 22 44 69 73 70 6c 61 79 56 65 72 73 69 6f 6e 22 3a 22 31 36 2e 30 2e 31 36 38 32 37 2e 32 30 30 35 36 22 2c 22 49 6e 73 74 61 6c 6c 44 61 74 65 22 3a 22 32 30 32 33 31 30 30 34 22 2c 22 49 6e 73 74 61 6c 6c 4c 6f 63 61 74 69 6f 6e 22 3a 22 22 7d 2c 7b 22 44 69 73 70 6c 61 79 4e 61 6d 65 22 3a 22 41 64 6f 62 65 20 41 63 72 6f 62 61 74 20 28 36 34 2d 62 69 74 29 22 2c 22 44 69 73 70 6c 61 79 56 65 72 73 69 6f 6e 22 3a 22 32 33 2e 30 30 36 2e 32 30 33 32 30 22 2c Data Ascii: llLocation":""},{"DisplayName":"Office 16 Click-to-Run Extensibility Component 64-bit Registration","DisplayVersion":"16.0.16827.20056","InstallDate":"20231004","InstallLocation":""},{"DisplayName":"Adobe Acrobat (64-bit)","DisplayVersion":"23.006.20320",
2024-07-11 17:39:45 UTC	479	IN	HTTP/1.1 200 OK Date: Thu, 11 Jul 2024 17:39:45 GMT Content-Type: application/json; charset=utf-8 Transfer-Encoding: chunked Connection: close Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Access-Control-Allow-Origin Access-Control-Expose-Headers: Content-Length,Content-Range CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 8a1a931ebfd04243-EWR
2024-07-11 17:39:45 UTC	35	IN	Data Raw: 31 64 0d 0a 7b 22 6d 65 73 73 61 67 65 22 3a 22 45 76 65 6e 74 20 70 65 72 73 69 73 74 65 64 22 7d 0d 0a Data Ascii: 1d{"message":"Event persisted"}
2024-07-11 17:39:45 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49752	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-07-11 17:39:46 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-07-11 17:39:47 UTC	515	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=167385 Date: Thu, 11 Jul 2024 17:39:46 GMT Content-Length: 55 Connection: close X-CID: 2
2024-07-11 17:39:47 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49755	46.21.150.242	443	1244	C:\Program Files (x86)\BurnAware Free\BurnAware.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-11 17:39:54 UTC	123	OUT	GET /update.ver HTTP/1.1 User-Agent: WebData Cache-Control: no-cache Host: www.burnaware.com Connection: Keep-Alive
2024-07-11 17:39:54 UTC	632	IN	HTTP/1.1 200 OK Date: Thu, 11 Jul 2024 17:39:54 GMT Server: Apache/2 Strict-Transport-Security: max-age=31536000; includeSubDomains; Content-Security-Policy: upgrade-insecure-requests; Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Thu, 27 Jun 2024 13:47:35 GMT ETag: "4-61bdf5f8d0bc0" Accept-Ranges: bytes Content-Length: 4 Cache-Control: max-age=172800 Expires: Sat, 13 Jul 2024 17:39:54 GMT X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN Permissions-Policy: geolocation=(),fullscreen=(self) Referrer-Policy: no-referrer-when-downgrade X-XSS-Protection: 1; mode=block Vary: User-Agent
2024-07-11 17:39:54 UTC	4	IN	Data Raw: 31 37 2e 39 Data Ascii: 17.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	49761	46.21.150.242	443	2252	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-11 17:39:56 UTC	678	OUT	GET /after-install.html HTTP/1.1 Host: www.burnaware.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-11 17:39:56 UTC	674	IN	HTTP/1.1 200 OK Date: Thu, 11 Jul 2024 17:39:56 GMT Server: Apache/2 Strict-Transport-Security: max-age=31536000; includeSubDomains; Content-Security-Policy: upgrade-insecure-requests; Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Fri, 05 Jul 2024 04:25:43 GMT ETag: "23f0-61c7874e3bfc0" Accept-Ranges: bytes Content-Length: 9200 Cache-Control: max-age=0 Expires: Thu, 11 Jul 2024 17:39:56 GMT Vary: Accept-Encoding,User-Agent X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN Permissions-Policy: geolocation=(),fullscreen=(self) Referrer-Policy: no-referrer-when-downgrade X-XSS-Protection: 1; mode=block Content-Type: text/html
2024-07-11 17:39:56 UTC	7518	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 41 66 74 65 72 20 49 6e 73 74 61 6c 6c 20 2d 20 42 75 72 6e 61 77 61 72 65 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d Data Ascii: <!DOCTYPE html><html lang="en"> <head> <meta http-equiv="X-UA-Compatible" content="IE=edge" /> <meta name="viewport" content="width=device-width, initial-scale=1" /> <title>After Install - Burnaware</title> <meta name=
2024-07-11 17:39:56 UTC	1682	IN	Data Raw: 61 72 65 20 65 64 69 74 69 6f 6e 73 3c 2f 61 3e 3c 2f 6c 69 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 3e 3c 61 20 63 6c 61 73 73 3d 22 74 65 78 74 2d 6d 75 74 65 64 22 20 68 72 65 66 3d 22 72 65 76 69 65 77 73 2d 61 77 61 72 64 73 2e 68 74 6d 6c 22 3e 52 65 76 69 65 77 73 20 61 6e 64 20 61 77 61 72 64 73 3c 2f 61 3e 3c 2f 6c 69 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 75 6c 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6c 2d 36 20 63 6f 6c 2d 6d 64 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: are editions</a></li> <li><a class="text-muted" href="reviews-awards.html">Reviews and awards</a></li> </ul> </div> <div class="col-6 col-md">

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	49762	46.21.150.242	443	2252	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-11 17:39:57 UTC	572	OUT	GET /css/bootstrap.min.css HTTP/1.1 Host: www.burnaware.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://www.burnaware.com/after-install.html Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-11 17:39:57 UTC	681	IN	HTTP/1.1 200 OK Date: Thu, 11 Jul 2024 17:39:57 GMT Server: Apache/2 Strict-Transport-Security: max-age=31536000; includeSubDomains; Content-Security-Policy: upgrade-insecure-requests; Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Thu, 04 May 2023 13:07:36 GMT ETag: "27283-5fadddb35b600" Accept-Ranges: bytes Content-Length: 160387 Cache-Control: max-age=172800 Expires: Sat, 13 Jul 2024 17:39:57 GMT Vary: Accept-Encoding,User-Agent X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN Permissions-Policy: geolocation=(),fullscreen=(self) Referrer-Policy: no-referrer-when-downgrade X-XSS-Protection: 1; mode=block Content-Type: text/css
2024-07-11 17:39:57 UTC	7511	IN	Data Raw: 2f 2a 21 0a 20 2a 20 42 6f 6f 74 73 74 72 61 70 20 76 34 2e 35 2e 30 20 28 68 74 74 70 73 3a 2f 2f 67 65 74 62 6f 6f 74 73 74 72 61 70 2e 63 6f 6d 2f 29 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 32 30 31 31 2d 32 30 32 30 20 54 68 65 20 42 6f 6f 74 73 74 72 61 70 20 41 75 74 68 6f 72 73 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 32 30 31 31 2d 32 30 32 30 20 54 77 69 74 74 65 72 2c 20 49 6e 63 2e 0a 20 2a 20 4c 69 63 65 6e 73 65 64 20 75 6e 64 65 72 20 4d 49 54 20 28 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 63 6f 6d 2f 74 77 62 73 2f 62 6f 6f 74 73 74 72 61 70 2f 62 6c 6f 62 2f 6d 61 73 74 65 72 2f 4c 49 43 45 4e 53 45 29 0a 20 2a 2f 3a 72 6f 6f 74 7b 2d 2d 62 6c 75 65 3a 23 30 30 37 62 66 66 3b 2d 2d 69 6e 64 69 67 6f 3a 23 36 36 31 30 66 32 3b 2d 2d Data Ascii: /! Bootstrap v4.5.0 (https://getbootstrap.com/) * Copyright 2011-2020 The Bootstrap Authors * Copyright 2011-2020 Twitter, Inc. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE) */:root{--blue:#007bff;--indigo:#6610f2;--
2024-07-11 17:39:57 UTC	8000	IN	Data Raw: 2d 31 2c 2e 63 6f 6c 2d 6d 64 2d 31 30 2c 2e 63 6f 6c 2d 6d 64 2d 31 31 2c 2e 63 6f 6c 2d 6d 64 2d 31 32 2c 2e 63 6f 6c 2d 6d 64 2d 32 2c 2e 63 6f 6c 2d 6d 64 2d 33 2c 2e 63 6f 6c 2d 6d 64 2d 34 2c 2e 63 6f 6c 2d 6d 64 2d 35 2c 2e 63 6f 6c 2d 6d 64 2d 36 2c 2e 63 6f 6c 2d 6d 64 2d 37 2c 2e 63 6f 6c 2d 6d 64 2d 38 2c 2e 63 6f 6c 2d 6d 64 2d 39 2c 2e 63 6f 6c 2d 6d 64 2d 61 75 74 6f 2c 2e 63 6f 6c 2d 73 6d 2c 2e 63 6f 6c 2d 73 6d 2d 31 2c 2e 63 6f 6c 2d 73 6d 2d 31 30 2c 2e 63 6f 6c 2d 73 6d 2d 31 31 2c 2e 63 6f 6c 2d 73 6d 2d 31 32 2c 2e 63 6f 6c 2d 73 6d 2d 32 2c 2e 63 6f 6c 2d 73 6d 2d 33 2c 2e 63 6f 6c 2d 73 6d 2d 34 2c 2e 63 6f 6c 2d 73 6d 2d 35 2c 2e 63 6f 6c 2d 73 6d 2d 36 2c 2e 63 6f 6c 2d 73 6d 2d 37 2c 2e 63 6f 6c 2d 73 6d 2d 38 2c 2e 63 6f 6c 2d Data Ascii: -1,.col-md-10,.col-md-11,.col-md-12,.col-md-2,.col-md-3,.col-md-4,.col-md-5,.col-md-6,.col-md-7,.col-md-8,.col-md-9,.col-md-auto,.col-sm,.col-sm-1,.col-sm-10,.col-sm-11,.col-sm-12,.col-sm-2,.col-sm-3,.col-sm-4,.col-sm-5,.col-sm-6,.col-sm-7,.col-sm-8,.col-
2024-07-11 17:39:57 UTC	8000	IN	Data Raw: 2a 7b 2d 6d 73 2d 66 6c 65 78 3a 30 20 30 20 31 36 2e 36 36 36 36 36 37 25 3b 66 6c 65 78 3a 30 20 30 20 31 36 2e 36 36 36 36 36 37 25 3b 6d 61 78 2d 77 69 64 74 68 3a 31 36 2e 36 36 36 36 36 37 25 7d 2e 63 6f 6c 2d 6c 67 2d 61 75 74 6f 7b 2d 6d 73 2d 66 6c 65 78 3a 30 20 30 20 61 75 74 6f 3b 66 6c 65 78 3a 30 20 30 20 61 75 74 6f 3b 77 69 64 74 68 3a 61 75 74 6f 3b 6d 61 78 2d 77 69 64 74 68 3a 31 30 30 25 7d 2e 63 6f 6c 2d 6c 67 2d 31 7b 2d 6d 73 2d 66 6c 65 78 3a 30 20 30 20 38 2e 33 33 33 33 33 33 25 3b 66 6c 65 78 3a 30 20 30 20 38 2e 33 33 33 33 33 33 25 3b 6d 61 78 2d 77 69 64 74 68 3a 38 2e 33 33 33 33 33 33 25 7d 2e 63 6f 6c 2d 6c 67 2d 32 7b 2d 6d 73 2d 66 6c 65 78 3a 30 20 30 20 31 36 2e 36 36 36 36 36 37 25 3b 66 6c 65 78 3a 30 20 30 20 31 36 Data Ascii: *{-ms-flex:0 0 16.666667%;flex:0 0 16.666667%;max-width:16.666667%}.col-lg-auto{-ms-flex:0 0 auto;flex:0 0 auto;width:auto;max-width:100%}.col-lg-1{-ms-flex:0 0 8.333333%;flex:0 0 8.333333%;max-width:8.333333%}.col-lg-2{-ms-flex:0 0 16.666667%;flex:0 0 16
2024-07-11 17:39:57 UTC	8000	IN	Data Raw: 62 6c 65 20 2e 74 68 65 61 64 2d 64 61 72 6b 20 74 68 7b 63 6f 6c 6f 72 3a 23 66 66 66 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 33 34 33 61 34 30 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 23 34 35 34 64 35 35 7d 2e 74 61 62 6c 65 20 2e 74 68 65 61 64 2d 6c 69 67 68 74 20 74 68 7b 63 6f 6c 6f 72 3a 23 34 39 35 30 35 37 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 65 39 65 63 65 66 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 23 64 65 65 32 65 36 7d 2e 74 61 62 6c 65 2d 64 61 72 6b 7b 63 6f 6c 6f 72 3a 23 66 66 66 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 33 34 33 61 34 30 7d 2e 74 61 62 6c 65 2d 64 61 72 6b 20 74 64 2c 2e 74 61 62 6c 65 2d 64 61 72 6b 20 74 68 2c 2e 74 61 62 6c 65 2d 64 61 72 6b 20 74 68 65 61 64 20 Data Ascii: ble .thead-dark th{color:#fff;background-color:#343a40;border-color:#454d55}.table .thead-light th{color:#495057;background-color:#e9ecef;border-color:#dee2e6}.table-dark{color:#fff;background-color:#343a40}.table-dark td,.table-dark th,.table-dark thead
2024-07-11 17:39:57 UTC	8000	IN	Data Raw: 6e 70 75 74 3a 76 61 6c 69 64 3a 66 6f 63 75 73 7e 2e 63 75 73 74 6f 6d 2d 66 69 6c 65 2d 6c 61 62 65 6c 7b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 23 32 38 61 37 34 35 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 30 20 30 20 30 20 2e 32 72 65 6d 20 72 67 62 61 28 34 30 2c 31 36 37 2c 36 39 2c 2e 32 35 29 7d 2e 69 6e 76 61 6c 69 64 2d 66 65 65 64 62 61 63 6b 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 3b 77 69 64 74 68 3a 31 30 30 25 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2e 32 35 72 65 6d 3b 66 6f 6e 74 2d 73 69 7a 65 3a 38 30 25 3b 63 6f 6c 6f 72 3a 23 64 63 33 35 34 35 7d 2e 69 6e 76 61 6c 69 64 2d 74 6f 6f 6c 74 69 70 7b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 74 6f 70 3a 31 30 30 25 3b 7a 2d 69 6e 64 65 78 3a 35 3b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 3b Data Ascii: nput:valid:focus~.custom-file-label{border-color:#28a745;box-shadow:0 0 0 .2rem rgba(40,167,69,.25)}.invalid-feedback{display:none;width:100%;margin-top:.25rem;font-size:80%;color:#dc3545}.invalid-tooltip{position:absolute;top:100%;z-index:5;display:none;
2024-07-11 17:39:57 UTC	8000	IN	Data Raw: 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 31 65 37 65 33 34 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 23 31 63 37 34 33 30 7d 2e 62 74 6e 2d 73 75 63 63 65 73 73 3a 6e 6f 74 28 3a 64 69 73 61 62 6c 65 64 29 3a 6e 6f 74 28 2e 64 69 73 61 62 6c 65 64 29 2e 61 63 74 69 76 65 3a 66 6f 63 75 73 2c 2e 62 74 6e 2d 73 75 63 63 65 73 73 3a 6e 6f 74 28 3a 64 69 73 61 62 6c 65 64 29 3a 6e 6f 74 28 2e 64 69 73 61 62 6c 65 64 29 3a 61 63 74 69 76 65 3a 66 6f 63 75 73 2c 2e 73 68 6f 77 3e 2e 62 74 6e 2d 73 75 63 63 65 73 73 2e 64 72 6f 70 64 6f 77 6e 2d 74 6f 67 67 6c 65 3a 66 6f 63 75 73 7b 62 6f 78 2d 73 68 61 64 6f 77 3a 30 20 30 20 30 20 2e 32 72 65 6d 20 72 67 62 61 28 37 32 2c 31 38 30 2c 39 37 2c 2e 35 29 7d 2e 62 74 6e 2d 69 6e 66 6f 7b 63 6f 6c 6f 72 3a 23 66 66 Data Ascii: round-color:#1e7e34;border-color:#1c7430}.btn-success:not(:disabled):not(.disabled).active:focus,.btn-success:not(:disabled):not(.disabled):active:focus,.show>.btn-success.dropdown-toggle:focus{box-shadow:0 0 0 .2rem rgba(72,180,97,.5)}.btn-info{color:#ff
2024-07-11 17:39:57 UTC	8000	IN	Data Raw: 63 33 35 34 35 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 23 64 63 33 35 34 35 7d 2e 62 74 6e 2d 6f 75 74 6c 69 6e 65 2d 64 61 6e 67 65 72 2e 66 6f 63 75 73 2c 2e 62 74 6e 2d 6f 75 74 6c 69 6e 65 2d 64 61 6e 67 65 72 3a 66 6f 63 75 73 7b 62 6f 78 2d 73 68 61 64 6f 77 3a 30 20 30 20 30 20 2e 32 72 65 6d 20 72 67 62 61 28 32 32 30 2c 35 33 2c 36 39 2c 2e 35 29 7d 2e 62 74 6e 2d 6f 75 74 6c 69 6e 65 2d 64 61 6e 67 65 72 2e 64 69 73 61 62 6c 65 64 2c 2e 62 74 6e 2d 6f 75 74 6c 69 6e 65 2d 64 61 6e 67 65 72 3a 64 69 73 61 62 6c 65 64 7b 63 6f 6c 6f 72 3a 23 64 63 33 35 34 35 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 7d 2e 62 74 6e 2d 6f 75 74 6c 69 6e 65 2d 64 61 6e 67 65 72 3a 6e 6f 74 28 3a 64 69 73 61 62 6c 65 64 Data Ascii: c3545;border-color:#dc3545}.btn-outline-danger.focus,.btn-outline-danger:focus{box-shadow:0 0 0 .2rem rgba(220,53,69,.5)}.btn-outline-danger.disabled,.btn-outline-danger:disabled{color:#dc3545;background-color:transparent}.btn-outline-danger:not(:disabled
2024-07-11 17:39:57 UTC	8000	IN	Data Raw: 69 72 65 63 74 69 6f 6e 3a 63 6f 6c 75 6d 6e 3b 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 63 6f 6c 75 6d 6e 3b 2d 6d 73 2d 66 6c 65 78 2d 61 6c 69 67 6e 3a 73 74 61 72 74 3b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 66 6c 65 78 2d 73 74 61 72 74 3b 2d 6d 73 2d 66 6c 65 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 7d 2e 62 74 6e 2d 67 72 6f 75 70 2d 76 65 72 74 69 63 61 6c 3e 2e 62 74 6e 2c 2e 62 74 6e 2d 67 72 6f 75 70 2d 76 65 72 74 69 63 61 6c 3e 2e 62 74 6e 2d 67 72 6f 75 70 7b 77 69 64 74 68 3a 31 30 30 25 7d 2e 62 74 6e 2d 67 72 6f 75 70 2d 76 65 72 74 69 63 61 6c 3e 2e 62 74 6e 2d 67 72 6f 75 70 3a 6e 6f 74 28 3a 66 69 72 73 74 2d 63 68 69 6c 64 29 2c 2e 62 74 6e 2d 67 72 6f 75 70 2d 76 65 Data Ascii: irection:column;flex-direction:column;-ms-flex-align:start;align-items:flex-start;-ms-flex-pack:center;justify-content:center}.btn-group-vertical>.btn,.btn-group-vertical>.btn-group{width:100%}.btn-group-vertical>.btn-group:not(:first-child),.btn-group-ve
2024-07-11 17:39:57 UTC	8000	IN	Data Raw: 29 7d 2e 63 75 73 74 6f 6d 2d 72 61 64 69 6f 20 2e 63 75 73 74 6f 6d 2d 63 6f 6e 74 72 6f 6c 2d 6c 61 62 65 6c 3a 3a 62 65 66 6f 72 65 7b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 35 30 25 7d 2e 63 75 73 74 6f 6d 2d 72 61 64 69 6f 20 2e 63 75 73 74 6f 6d 2d 63 6f 6e 74 72 6f 6c 2d 69 6e 70 75 74 3a 63 68 65 63 6b 65 64 7e 2e 63 75 73 74 6f 6d 2d 63 6f 6e 74 72 6f 6c 2d 6c 61 62 65 6c 3a 3a 61 66 74 65 72 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 75 72 6c 28 22 64 61 74 61 3a 69 6d 61 67 65 2f 73 76 67 2b 78 6d 6c 2c 25 33 63 73 76 67 20 78 6d 6c 6e 73 3d 27 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 27 20 77 69 64 74 68 3d 27 31 32 27 20 68 65 69 67 68 74 3d 27 31 32 27 20 76 69 65 77 42 6f 78 3d 27 2d 34 20 Data Ascii: )}.custom-radio .custom-control-label::before{border-radius:50%}.custom-radio .custom-control-input:checked~.custom-control-label::after{background-image:url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' width='12' height='12' viewBox='-4
2024-07-11 17:39:57 UTC	8000	IN	Data Raw: 2d 69 74 65 6d 2e 73 68 6f 77 20 2e 6e 61 76 2d 6c 69 6e 6b 2c 2e 6e 61 76 2d 74 61 62 73 20 2e 6e 61 76 2d 6c 69 6e 6b 2e 61 63 74 69 76 65 7b 63 6f 6c 6f 72 3a 23 34 39 35 30 35 37 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 66 66 66 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 23 64 65 65 32 65 36 20 23 64 65 65 32 65 36 20 23 66 66 66 7d 2e 6e 61 76 2d 74 61 62 73 20 2e 64 72 6f 70 64 6f 77 6e 2d 6d 65 6e 75 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 31 70 78 3b 62 6f 72 64 65 72 2d 74 6f 70 2d 6c 65 66 74 2d 72 61 64 69 75 73 3a 30 3b 62 6f 72 64 65 72 2d 74 6f 70 2d 72 69 67 68 74 2d 72 61 64 69 75 73 3a 30 7d 2e 6e 61 76 2d 70 69 6c 6c 73 20 2e 6e 61 76 2d 6c 69 6e 6b 7b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 2e 32 35 72 65 6d 7d 2e 6e 61 Data Ascii: -item.show .nav-link,.nav-tabs .nav-link.active{color:#495057;background-color:#fff;border-color:#dee2e6 #dee2e6 #fff}.nav-tabs .dropdown-menu{margin-top:-1px;border-top-left-radius:0;border-top-right-radius:0}.nav-pills .nav-link{border-radius:.25rem}.na

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.4	49763	46.21.150.242	443	2252	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-11 17:39:57 UTC	612	OUT	GET /images/logo.png HTTP/1.1 Host: www.burnaware.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.burnaware.com/after-install.html Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-11 17:39:57 UTC	646	IN	HTTP/1.1 200 OK Date: Thu, 11 Jul 2024 17:39:57 GMT Server: Apache/2 Strict-Transport-Security: max-age=31536000; includeSubDomains; Content-Security-Policy: upgrade-insecure-requests; Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Wed, 25 Jan 2023 19:17:48 GMT ETag: "bd5-5f31b7cdbcf00" Accept-Ranges: bytes Content-Length: 3029 Cache-Control: max-age=31536000 Expires: Fri, 11 Jul 2025 17:39:57 GMT X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN Permissions-Policy: geolocation=(),fullscreen=(self) Referrer-Policy: no-referrer-when-downgrade X-XSS-Protection: 1; mode=block Content-Type: image/png
2024-07-11 17:39:57 UTC	3029	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 74 00 00 00 1e 08 06 00 00 00 fd f5 3a 1b 00 00 00 19 74 45 58 74 53 6f 66 74 77 61 72 65 00 41 64 6f 62 65 20 49 6d 61 67 65 52 65 61 64 79 71 c9 65 3c 00 00 03 22 69 54 58 74 58 4d 4c 3a 63 6f 6d 2e 61 64 6f 62 65 2e 78 6d 70 00 00 00 00 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 35 2e 33 2d 63 30 31 31 20 36 36 2e 31 34 35 36 36 31 2c 20 32 30 31 32 2f 30 32 2f 30 36 2d 31 34 3a 35 36 3a 32 37 20 20 Data Ascii: PNGIHDRt:tEXtSoftwareAdobe ImageReadyqe<"iTXtXML:com.adobe.xmp<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.4	49764	46.21.150.242	443	2252	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-11 17:39:57 UTC	616	OUT	GET /images/facebook.png HTTP/1.1 Host: www.burnaware.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.burnaware.com/after-install.html Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-11 17:39:57 UTC	645	IN	HTTP/1.1 200 OK Date: Thu, 11 Jul 2024 17:39:57 GMT Server: Apache/2 Strict-Transport-Security: max-age=31536000; includeSubDomains; Content-Security-Policy: upgrade-insecure-requests; Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Thu, 04 May 2023 08:28:30 GMT ETag: "3da-5fad9f5120780" Accept-Ranges: bytes Content-Length: 986 Cache-Control: max-age=31536000 Expires: Fri, 11 Jul 2025 17:39:57 GMT X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN Permissions-Policy: geolocation=(),fullscreen=(self) Referrer-Policy: no-referrer-when-downgrade X-XSS-Protection: 1; mode=block Content-Type: image/png
2024-07-11 17:39:57 UTC	986	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 18 00 00 00 18 08 06 00 00 00 e0 77 3d f8 00 00 00 04 73 42 49 54 08 08 08 08 7c 08 64 88 00 00 03 91 49 44 41 54 48 89 9d 96 5d 68 9b 65 14 c7 7f e7 6d 1a db 98 86 34 fd 48 bf d6 a6 1d dd d6 aa 4b 3b b1 cc 31 ad b3 60 45 11 ac 14 37 44 9d ec 46 ef e6 6e 06 0a 7a a9 30 04 dd 95 97 0a 32 d8 04 69 41 c5 0a 43 0a 1b 8a 08 ce c4 56 74 ab 31 4b e9 47 b2 34 cd fa 91 a6 69 f2 1e 2f d2 b4 5d cd 47 e7 ff f2 bc e7 f9 9d 0f ce 73 9e 57 28 22 6b 85 9d c6 fd bd 38 1b 3c d8 1c b5 c8 a6 5d 81 e4 ca 22 f1 70 90 b9 80 8f e4 ca 62 41 86 e4 33 da 1c 75 3c 74 7c 98 96 83 8f b9 8c 32 cb 49 e0 59 c0 0b e2 ce e2 09 03 3e 60 cc 34 cd 2b f3 01 5f 6c f2 da 97 2c 2d cc 94 0e d0 f6 f0 93 f4 0c bc 56 61 29 7f e0 1d e0 9c 88 d8 Data Ascii: PNGIHDRw=sBIT\|dIDATH]hem4HK;1`E7DFnz02iACVt1KG4i/]GsW("k8<]"pbA3u<t\|2IY>`4+_l,-Va)

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.4	49767	46.21.150.242	443	2252	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-11 17:39:58 UTC	564	OUT	GET /js/jquery-3.5.1.slim.min.js HTTP/1.1 Host: www.burnaware.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.burnaware.com/after-install.html Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-11 17:39:58 UTC	694	IN	HTTP/1.1 200 OK Date: Thu, 11 Jul 2024 17:39:58 GMT Server: Apache/2 Strict-Transport-Security: max-age=31536000; includeSubDomains; Content-Security-Policy: upgrade-insecure-requests; Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Wed, 24 Jun 2020 11:21:02 GMT ETag: "11abc-5a8d2abc58380" Accept-Ranges: bytes Content-Length: 72380 Cache-Control: max-age=604800 Expires: Thu, 18 Jul 2024 17:39:58 GMT Vary: Accept-Encoding,User-Agent X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN Permissions-Policy: geolocation=(),fullscreen=(self) Referrer-Policy: no-referrer-when-downgrade X-XSS-Protection: 1; mode=block Content-Type: application/javascript
2024-07-11 17:39:58 UTC	7498	IN	Data Raw: 2f 2a 21 20 6a 51 75 65 72 79 20 76 33 2e 35 2e 31 20 2d 61 6a 61 78 2c 2d 61 6a 61 78 2f 6a 73 6f 6e 70 2c 2d 61 6a 61 78 2f 6c 6f 61 64 2c 2d 61 6a 61 78 2f 73 63 72 69 70 74 2c 2d 61 6a 61 78 2f 76 61 72 2f 6c 6f 63 61 74 69 6f 6e 2c 2d 61 6a 61 78 2f 76 61 72 2f 6e 6f 6e 63 65 2c 2d 61 6a 61 78 2f 76 61 72 2f 72 71 75 65 72 79 2c 2d 61 6a 61 78 2f 78 68 72 2c 2d 6d 61 6e 69 70 75 6c 61 74 69 6f 6e 2f 5f 65 76 61 6c 55 72 6c 2c 2d 64 65 70 72 65 63 61 74 65 64 2f 61 6a 61 78 2d 65 76 65 6e 74 2d 61 6c 69 61 73 2c 2d 65 66 66 65 63 74 73 2c 2d 65 66 66 65 63 74 73 2f 54 77 65 65 6e 2c 2d 65 66 66 65 63 74 73 2f 61 6e 69 6d 61 74 65 64 53 65 6c 65 63 74 6f 72 20 7c 20 28 63 29 20 4a 53 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 6f 74 68 65 72 20 63 Data Ascii: /*! jQuery v3.5.1 -ajax,-ajax/jsonp,-ajax/load,-ajax/script,-ajax/var/location,-ajax/var/nonce,-ajax/var/rquery,-ajax/xhr,-manipulation/_evalUrl,-deprecated/ajax-event-alias,-effects,-effects/Tween,-effects/animatedSelector \| (c) JS Foundation and other c
2024-07-11 17:39:58 UTC	8000	IN	Data Raw: 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 28 63 29 29 2c 6e 7d 63 61 74 63 68 28 65 29 7b 6b 28 74 2c 21 30 29 7d 66 69 6e 61 6c 6c 79 7b 73 3d 3d 3d 41 26 26 65 2e 72 65 6d 6f 76 65 41 74 74 72 69 62 75 74 65 28 22 69 64 22 29 7d 7d 7d 72 65 74 75 72 6e 20 67 28 74 2e 72 65 70 6c 61 63 65 28 24 2c 22 24 31 22 29 2c 65 2c 6e 2c 72 29 7d 66 75 6e 63 74 69 6f 6e 20 75 65 28 29 7b 76 61 72 20 72 3d 5b 5d 3b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 20 65 28 74 2c 6e 29 7b 72 65 74 75 72 6e 20 72 2e 70 75 73 68 28 74 2b 22 20 22 29 3e 78 2e 63 61 63 68 65 4c 65 6e 67 74 68 26 26 64 65 6c 65 74 65 20 65 5b 72 2e 73 68 69 66 74 28 29 5d 2c 65 5b 74 2b 22 20 22 5d 3d 6e 7d 7d 66 75 6e 63 74 69 6f 6e 20 6c 65 28 65 29 7b 72 65 74 75 72 6e 20 65 5b 41 5d 3d Data Ascii: uerySelectorAll(c)),n}catch(e){k(t,!0)}finally{s===A&&e.removeAttribute("id")}}}return g(t.replace($,"$1"),e,n,r)}function ue(){var r=[];return function e(t,n){return r.push(t+" ")>x.cacheLength&&delete e[r.shift()],e[t+" "]=n}}function le(e){return e[A]=
2024-07-11 17:39:58 UTC	8000	IN	Data Raw: 30 7d 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 65 2e 6e 6f 64 65 4e 61 6d 65 26 26 65 2e 6e 6f 64 65 4e 61 6d 65 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 3d 3d 3d 74 7d 7d 2c 43 4c 41 53 53 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 74 3d 6d 5b 65 2b 22 20 22 5d 3b 72 65 74 75 72 6e 20 74 7c 7c 28 74 3d 6e 65 77 20 52 65 67 45 78 70 28 22 28 5e 7c 22 2b 52 2b 22 29 22 2b 65 2b 22 28 22 2b 52 2b 22 7c 24 29 22 29 29 26 26 6d 28 65 2c 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 74 2e 74 65 73 74 28 22 73 74 72 69 6e 67 22 3d 3d 74 79 70 65 6f 66 20 65 2e 63 6c 61 73 73 4e 61 6d 65 26 26 65 2e 63 6c 61 73 73 4e 61 6d 65 7c 7c 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 65 2e 67 65 74 41 74 74 72 69 62 Data Ascii: 0}:function(e){return e.nodeName&&e.nodeName.toLowerCase()===t}},CLASS:function(e){var t=m[e+" "];return t\|\|(t=new RegExp("(^\|"+R+")"+e+"("+R+"\|$)"))&&m(e,function(e){return t.test("string"==typeof e.className&&e.className\|\|"undefined"!=typeof e.getAttrib
2024-07-11 17:39:58 UTC	8000	IN	Data Raw: 2e 70 61 72 65 6e 74 4e 6f 64 65 29 7c 7c 74 29 2c 6e 7d 2c 70 2e 73 6f 72 74 53 74 61 62 6c 65 3d 41 2e 73 70 6c 69 74 28 22 22 29 2e 73 6f 72 74 28 44 29 2e 6a 6f 69 6e 28 22 22 29 3d 3d 3d 41 2c 70 2e 64 65 74 65 63 74 44 75 70 6c 69 63 61 74 65 73 3d 21 21 6c 2c 43 28 29 2c 70 2e 73 6f 72 74 44 65 74 61 63 68 65 64 3d 63 65 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 31 26 65 2e 63 6f 6d 70 61 72 65 44 6f 63 75 6d 65 6e 74 50 6f 73 69 74 69 6f 6e 28 54 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 66 69 65 6c 64 73 65 74 22 29 29 7d 29 2c 63 65 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 65 2e 69 6e 6e 65 72 48 54 4d 4c 3d 22 3c 61 20 68 72 65 66 3d 27 23 27 3e 3c 2f 61 3e 22 2c 22 23 22 3d 3d 3d 65 2e 66 69 72 73 74 Data Ascii: .parentNode)\|\|t),n},p.sortStable=A.split("").sort(D).join("")===A,p.detectDuplicates=!!l,C(),p.sortDetached=ce(function(e){return 1&e.compareDocumentPosition(T.createElement("fieldset"))}),ce(function(e){return e.innerHTML="<a href='#'></a>","#"===e.first
2024-07-11 17:39:58 UTC	8000	IN	Data Raw: 74 68 7d 29 2c 61 2e 70 72 6f 6d 69 73 65 28 73 29 2c 65 26 26 65 2e 63 61 6c 6c 28 73 2c 73 29 2c 73 7d 2c 77 68 65 6e 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 6e 3d 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 2c 74 3d 6e 2c 72 3d 41 72 72 61 79 28 74 29 2c 69 3d 73 2e 63 61 6c 6c 28 61 72 67 75 6d 65 6e 74 73 29 2c 6f 3d 45 2e 44 65 66 65 72 72 65 64 28 29 2c 61 3d 66 75 6e 63 74 69 6f 6e 28 74 29 7b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 5b 74 5d 3d 74 68 69 73 2c 69 5b 74 5d 3d 31 3c 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 3f 73 2e 63 61 6c 6c 28 61 72 67 75 6d 65 6e 74 73 29 3a 65 2c 2d 2d 6e 7c 7c 6f 2e 72 65 73 6f 6c 76 65 57 69 74 68 28 72 2c 69 29 7d 7d 3b 69 66 28 6e 3c 3d 31 26 26 28 42 28 65 2c 6f 2e Data Ascii: th}),a.promise(s),e&&e.call(s,s),s},when:function(e){var n=arguments.length,t=n,r=Array(t),i=s.call(arguments),o=E.Deferred(),a=function(t){return function(e){r[t]=this,i[t]=1<arguments.length?s.call(arguments):e,--n\|\|o.resolveWith(r,i)}};if(n<=1&&(B(e,o.
2024-07-11 17:39:58 UTC	8000	IN	Data Raw: 74 22 29 2c 6c 26 26 76 65 28 61 29 2c 6e 29 7b 63 3d 30 3b 77 68 69 6c 65 28 6f 3d 61 5b 63 2b 2b 5d 29 70 65 2e 74 65 73 74 28 6f 2e 74 79 70 65 7c 7c 22 22 29 26 26 6e 2e 70 75 73 68 28 6f 29 7d 72 65 74 75 72 6e 20 66 7d 76 61 72 20 62 65 3d 2f 5e 6b 65 79 2f 2c 78 65 3d 2f 5e 28 3f 3a 6d 6f 75 73 65 7c 70 6f 69 6e 74 65 72 7c 63 6f 6e 74 65 78 74 6d 65 6e 75 7c 64 72 61 67 7c 64 72 6f 70 29 7c 63 6c 69 63 6b 2f 2c 77 65 3d 2f 5e 28 5b 5e 2e 5d 2a 29 28 3f 3a 5c 2e 28 2e 2b 29 7c 29 2f 3b 66 75 6e 63 74 69 6f 6e 20 43 65 28 29 7b 72 65 74 75 72 6e 21 30 7d 66 75 6e 63 74 69 6f 6e 20 54 65 28 29 7b 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 45 65 28 65 2c 74 29 7b 72 65 74 75 72 6e 20 65 3d 3d 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 74 72 79 7b Data Ascii: t"),l&&ve(a),n){c=0;while(o=a[c++])pe.test(o.type\|\|"")&&n.push(o)}return f}var be=/^key/,xe=/^(?:mouse\|pointer\|contextmenu\|drag\|drop)\|click/,we=/^([^.]*)(?:\.(.+)\|)/;function Ce(){return!0}function Te(){return!1}function Ee(e,t){return e===function(){try{
2024-07-11 17:39:58 UTC	8000	IN	Data Raw: 28 6e 75 6c 6c 21 3d 3d 65 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 74 79 70 65 22 29 29 2b 22 2f 22 2b 65 2e 74 79 70 65 2c 65 7d 66 75 6e 63 74 69 6f 6e 20 71 65 28 65 29 7b 72 65 74 75 72 6e 22 74 72 75 65 2f 22 3d 3d 3d 28 65 2e 74 79 70 65 7c 7c 22 22 29 2e 73 6c 69 63 65 28 30 2c 35 29 3f 65 2e 74 79 70 65 3d 65 2e 74 79 70 65 2e 73 6c 69 63 65 28 35 29 3a 65 2e 72 65 6d 6f 76 65 41 74 74 72 69 62 75 74 65 28 22 74 79 70 65 22 29 2c 65 7d 66 75 6e 63 74 69 6f 6e 20 4f 65 28 65 2c 74 29 7b 76 61 72 20 6e 2c 72 2c 69 2c 6f 2c 61 2c 73 3b 69 66 28 31 3d 3d 3d 74 2e 6e 6f 64 65 54 79 70 65 29 7b 69 66 28 59 2e 68 61 73 44 61 74 61 28 65 29 26 26 28 73 3d 59 2e 67 65 74 28 65 29 2e 65 76 65 6e 74 73 29 29 66 6f 72 28 69 20 69 6e 20 59 2e 72 65 6d 6f Data Ascii: (null!==e.getAttribute("type"))+"/"+e.type,e}function qe(e){return"true/"===(e.type\|\|"").slice(0,5)?e.type=e.type.slice(5):e.removeAttribute("type"),e}function Oe(e,t){var n,r,i,o,a,s;if(1===t.nodeType){if(Y.hasData(e)&&(s=Y.get(e).events))for(i in Y.remo
2024-07-11 17:39:58 UTC	8000	IN	Data Raw: 73 74 79 6c 65 29 7b 76 61 72 20 69 2c 6f 2c 61 2c 73 3d 56 28 74 29 2c 75 3d 59 65 2e 74 65 73 74 28 74 29 2c 6c 3d 65 2e 73 74 79 6c 65 3b 69 66 28 75 7c 7c 28 74 3d 55 65 28 73 29 29 2c 61 3d 45 2e 63 73 73 48 6f 6f 6b 73 5b 74 5d 7c 7c 45 2e 63 73 73 48 6f 6f 6b 73 5b 73 5d 2c 76 6f 69 64 20 30 3d 3d 3d 6e 29 72 65 74 75 72 6e 20 61 26 26 22 67 65 74 22 69 6e 20 61 26 26 76 6f 69 64 20 30 21 3d 3d 28 69 3d 61 2e 67 65 74 28 65 2c 21 31 2c 72 29 29 3f 69 3a 6c 5b 74 5d 3b 22 73 74 72 69 6e 67 22 3d 3d 3d 28 6f 3d 74 79 70 65 6f 66 20 6e 29 26 26 28 69 3d 74 65 2e 65 78 65 63 28 6e 29 29 26 26 69 5b 31 5d 26 26 28 6e 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 2c 72 29 7b 76 61 72 20 69 2c 6f 2c 61 3d 32 30 2c 73 3d 72 3f 66 75 6e 63 74 69 6f 6e 28 29 Data Ascii: style){var i,o,a,s=V(t),u=Ye.test(t),l=e.style;if(u\|\|(t=Ue(s)),a=E.cssHooks[t]\|\|E.cssHooks[s],void 0===n)return a&&"get"in a&&void 0!==(i=a.get(e,!1,r))?i:l[t];"string"===(o=typeof n)&&(i=te.exec(n))&&i[1]&&(n=function(e,t,n,r){var i,o,a=20,s=r?function()
2024-07-11 17:39:58 UTC	8000	IN	Data Raw: 72 20 6c 74 3d 2f 5e 28 3f 3a 66 6f 63 75 73 69 6e 66 6f 63 75 73 7c 66 6f 63 75 73 6f 75 74 62 6c 75 72 29 24 2f 2c 63 74 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 65 2e 73 74 6f 70 50 72 6f 70 61 67 61 74 69 6f 6e 28 29 7d 3b 45 2e 65 78 74 65 6e 64 28 45 2e 65 76 65 6e 74 2c 7b 74 72 69 67 67 65 72 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 2c 72 29 7b 76 61 72 20 69 2c 6f 2c 61 2c 73 2c 75 2c 6c 2c 63 2c 66 2c 64 3d 5b 6e 7c 7c 77 5d 2c 70 3d 79 2e 63 61 6c 6c 28 65 2c 22 74 79 70 65 22 29 3f 65 2e 74 79 70 65 3a 65 2c 68 3d 79 2e 63 61 6c 6c 28 65 2c 22 6e 61 6d 65 73 70 61 63 65 22 29 3f 65 2e 6e 61 6d 65 73 70 61 63 65 2e 73 70 6c 69 74 28 22 2e 22 29 3a 5b 5d 3b 69 66 28 6f 3d 66 3d 61 3d 6e 3d 6e 7c 7c 77 2c 33 21 3d 3d 6e 2e 6e 6f 64 65 54 79 70 Data Ascii: r lt=/^(?:focusinfocus\|focusoutblur)$/,ct=function(e){e.stopPropagation()};E.extend(E.event,{trigger:function(e,t,n,r){var i,o,a,s,u,l,c,f,d=[n\|\|w],p=y.call(e,"type")?e.type:e,h=y.call(e,"namespace")?e.namespace.split("."):[];if(o=f=a=n=n\|\|w,3!==n.nodeTyp
2024-07-11 17:39:58 UTC	882	IN	Data Raw: 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 3f 74 68 69 73 2e 6f 6e 28 6e 2c 6e 75 6c 6c 2c 65 2c 74 29 3a 74 68 69 73 2e 74 72 69 67 67 65 72 28 6e 29 7d 7d 29 3b 76 61 72 20 79 74 3d 2f 5e 5b 5c 73 5c 75 46 45 46 46 5c 78 41 30 5d 2b 7c 5b 5c 73 5c 75 46 45 46 46 5c 78 41 30 5d 2b 24 2f 67 3b 45 2e 70 72 6f 78 79 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 76 61 72 20 6e 2c 72 2c 69 3b 69 66 28 22 73 74 72 69 6e 67 22 3d 3d 74 79 70 65 6f 66 20 74 26 26 28 6e 3d 65 5b 74 5d 2c 74 3d 65 2c 65 3d 6e 29 2c 62 28 65 29 29 72 65 74 75 72 6e 20 72 3d 73 2e 63 61 6c 6c 28 61 72 67 75 6d 65 6e 74 73 2c 32 29 2c 28 69 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 65 2e 61 70 70 6c 79 28 74 7c 7c 74 68 69 73 2c 72 2e 63 6f 6e 63 61 74 28 73 2e 63 61 6c 6c Data Ascii: uments.length?this.on(n,null,e,t):this.trigger(n)}});var yt=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g;E.proxy=function(e,t){var n,r,i;if("string"==typeof t&&(n=e[t],t=e,e=n),b(e))return r=s.call(arguments,2),(i=function(){return e.apply(t\|\|this,r.concat(s.call

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.4	49768	46.21.150.242	443	2252	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-11 17:39:58 UTC	612	OUT	GET /images/help.png HTTP/1.1 Host: www.burnaware.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.burnaware.com/after-install.html Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-11 17:39:58 UTC	646	IN	HTTP/1.1 200 OK Date: Thu, 11 Jul 2024 17:39:58 GMT Server: Apache/2 Strict-Transport-Security: max-age=31536000; includeSubDomains; Content-Security-Policy: upgrade-insecure-requests; Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Thu, 04 May 2023 08:28:54 GMT ETag: "611-5fad9f6803d80" Accept-Ranges: bytes Content-Length: 1553 Cache-Control: max-age=31536000 Expires: Fri, 11 Jul 2025 17:39:58 GMT X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN Permissions-Policy: geolocation=(),fullscreen=(self) Referrer-Policy: no-referrer-when-downgrade X-XSS-Protection: 1; mode=block Content-Type: image/png
2024-07-11 17:39:58 UTC	1553	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 18 00 00 00 18 08 06 00 00 00 e0 77 3d f8 00 00 00 04 73 42 49 54 08 08 08 08 7c 08 64 88 00 00 05 c8 49 44 41 54 48 89 7d 55 6d 70 54 d5 19 7e de 7b ee bd 0b bb 09 98 6f 48 4c 76 03 56 36 90 40 a1 e0 0f 31 52 9c 16 21 da 36 a3 16 a5 30 95 b1 05 d4 d2 5a ec c0 a0 0e a2 32 cd 4c 5b 9d da b1 1f 0e 3a ad 1d c4 14 3b 95 b4 e3 54 9d 51 42 d8 e1 43 09 24 15 98 ec e4 cb 08 8d c4 00 f9 d8 8f 9b bb f7 9e 7b de fe 58 76 59 24 e9 3b 73 7e dc f7 9c f3 3e cf 79 9e 73 cf 4b f8 3f 51 50 50 88 6f d5 df 89 da f2 4a 94 9b 3e f0 95 51 b0 e3 80 02 7e 5c f2 5c 9c bd 3c 8c d6 8e 76 0c 0d 0d 4d 59 83 26 4b 56 56 56 61 c7 ce a7 71 cf dd 6b 0a 11 39 fe a0 77 f2 f4 6a 4e 5a 8b 90 48 96 b1 52 44 a6 31 04 d3 fc 54 5f 71 c7 7b Data Ascii: PNGIHDRw=sBIT\|dIDATH}UmpT~{oHLvV6@1R!60Z2L[:;TQBC${XvY$;s~>ysK?QPPoJ>Q~\\<vMY&KVVVaqk9wjNZHRD1T_q{

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.4	49769	46.21.150.242	443	2252	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-11 17:39:58 UTC	660	OUT	GET / HTTP/1.1 Host: www.burnaware.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-11 17:39:59 UTC	675	IN	HTTP/1.1 200 OK Date: Thu, 11 Jul 2024 17:39:58 GMT Server: Apache/2 Strict-Transport-Security: max-age=31536000; includeSubDomains; Content-Security-Policy: upgrade-insecure-requests; Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Mon, 08 Jul 2024 12:39:42 GMT ETag: "28ab-61cbbb5091f80" Accept-Ranges: bytes Content-Length: 10411 Cache-Control: max-age=0 Expires: Thu, 11 Jul 2024 17:39:58 GMT Vary: Accept-Encoding,User-Agent X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN Permissions-Policy: geolocation=(),fullscreen=(self) Referrer-Policy: no-referrer-when-downgrade X-XSS-Protection: 1; mode=block Content-Type: text/html
2024-07-11 17:39:59 UTC	7517	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 46 72 65 65 20 42 75 72 6e 69 6e 67 20 53 6f 66 74 77 61 72 65 20 7c 20 43 44 2f 44 56 44 20 43 6f 70 79 69 6e 67 20 53 6f 66 74 77 61 72 65 20 7c 20 42 75 72 6e 41 77 61 72 65 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 42 75 72 6e 41 77 61 72 65 20 69 73 20 66 72 65 65 20 43 44 2c 20 44 56 44 2c 20 42 6c 75 2d 72 61 79 20 44 69 73 63 20 62 75 72 6e 69 6e 67 20 61 6e 64 20 63 6f 70 79 69 6e 67 20 73 6f 66 74 77 61 72 65 20 77 69 74 68 20 73 75 70 70 6f 72 74 20 6f 66 20 4d Data Ascii: <!DOCTYPE html><html lang="en"> <head> <title>Free Burning Software \| CD/DVD Copying Software \| BurnAware</title> <meta name="description" content="BurnAware is free CD, DVD, Blu-ray Disc burning and copying software with support of M
2024-07-11 17:39:59 UTC	2894	IN	Data Raw: 22 6d 61 72 67 69 6e 3a 20 36 30 70 78 3b 22 3e 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 3c 66 6f 6f 74 65 72 20 63 6c 61 73 73 3d 22 70 79 2d 35 20 62 6f 72 64 65 72 2d 74 6f 70 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 72 6f 77 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6c 2d 31 32 20 63 6f 6c 2d 6d 64 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 73 6d 61 6c 6c 20 63 6c 61 73 73 3d 22 64 2d 62 6c 6f 63 6b 20 6d 62 2d 33 20 74 65 78 74 2d 6d 75 74 65 64 22 3e 26 63 6f 70 79 3b 20 32 30 32 Data Ascii: "margin: 60px;"></div> <footer class="py-5 border-top"> <div class="container"> <div class="row"> <div class="col-12 col-md"> <small class="d-block mb-3 text-muted">© 202

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.4	49770	46.21.150.242	443	2252	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-11 17:39:58 UTC	624	OUT	GET /images/boxshot_ultimate.png HTTP/1.1 Host: www.burnaware.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.burnaware.com/after-install.html Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-11 17:39:59 UTC	649	IN	HTTP/1.1 200 OK Date: Thu, 11 Jul 2024 17:39:58 GMT Server: Apache/2 Strict-Transport-Security: max-age=31536000; includeSubDomains; Content-Security-Policy: upgrade-insecure-requests; Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Mon, 01 Apr 2024 12:57:12 GMT ETag: "10100-61508872c1a00" Accept-Ranges: bytes Content-Length: 65792 Cache-Control: max-age=31536000 Expires: Fri, 11 Jul 2025 17:39:58 GMT X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN Permissions-Policy: geolocation=(),fullscreen=(self) Referrer-Policy: no-referrer-when-downgrade X-XSS-Protection: 1; mode=block Content-Type: image/png
2024-07-11 17:39:59 UTC	7543	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 dc 00 00 01 2c 08 06 00 00 00 a8 bf dd 2c 00 00 00 19 74 45 58 74 53 6f 66 74 77 61 72 65 00 41 64 6f 62 65 20 49 6d 61 67 65 52 65 61 64 79 71 c9 65 3c 00 00 03 22 69 54 58 74 58 4d 4c 3a 63 6f 6d 2e 61 64 6f 62 65 2e 78 6d 70 00 00 00 00 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 35 2e 33 2d 63 30 31 31 20 36 36 2e 31 34 35 36 36 31 2c 20 32 30 31 32 2f 30 32 2f 30 36 2d 31 34 3a 35 36 3a 32 37 20 20 Data Ascii: PNGIHDR,,tEXtSoftwareAdobe ImageReadyqe<"iTXtXML:com.adobe.xmp<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27
2024-07-11 17:39:59 UTC	8000	IN	Data Raw: 37 d0 5f 13 88 a4 29 5d 0c 40 2b 36 76 3d 62 c5 10 af 6f 8c 86 76 f1 17 8e ed 1b 71 56 c3 9c e0 2e fb a3 17 e7 0d a0 4c bf 5f 94 02 1c 19 1d 84 7d dc 8d 24 24 f8 1a b7 74 bf f5 d9 b3 f0 6b bf f0 88 b0 a0 47 79 ac 77 78 62 00 9e b9 b6 08 30 51 4b 3e b7 c2 af ff b3 cf 5c 85 4a 4f 95 bb b4 e5 04 e0 10 1e 09 3f e6 5e 1e 73 8a 94 86 a2 98 fe f4 d1 57 e0 4b df b9 0a 93 5c 39 d2 ab 3f fb 43 a7 e1 91 07 0e 8b bf 51 ca e6 eb 2f ce 88 bd d0 cb ef 65 d8 49 a9 0d ed cd c4 3c 4a 38 bb 30 3c 70 22 8b 98 dd 4d 1d 5a 6e 87 d2 d9 9c a0 97 cc aa 46 41 cc 2e bd c9 e2 2d 41 ad 98 96 e9 e5 48 8c ac 04 4b 07 86 18 f4 e1 0c 6c 64 e9 d4 f4 28 1c 1b eb 81 21 c6 63 31 d6 82 a9 1e 06 bf f4 be fb e0 ed f7 1d 4c b5 21 8f 93 6e 2e 6e c2 38 d7 bc f5 56 db 42 56 99 ca b4 9b 74 34 d3 0d Data Ascii: 7_)]@+6v=bovqV.L_}$$tkGywxb0QK>\JO?^sWK\9?CQ/eI<J80<p"MZnFA.-AHKld(!c1L!n.n8VBVt4
2024-07-11 17:39:59 UTC	8000	IN	Data Raw: 16 ac ea a9 ae d7 08 80 98 14 10 e6 c9 8e 7a 5c c0 f4 b4 98 51 ce e5 29 df ca 75 23 8d 92 1c 1f c2 6a 9e 64 dc 66 22 a1 f5 d0 a0 62 53 1b 54 63 4d dc 55 4a 9b 20 c5 88 61 59 3c dc 47 0c c3 fc ef c4 5d 49 94 01 f1 c0 78 02 36 3a b2 af ed e4 f4 18 8c 8f f4 89 67 91 c7 97 9f bb 06 73 2b 9b f0 a3 6f 3b 25 e8 25 c8 ca bd 78 63 19 96 b7 9b 82 9e fc 1d f7 9d 86 b7 df 9f 4e 09 1a a8 bd 0c 7f fc ad 4b 62 02 4f 82 e7 f1 f3 58 5e db 86 a9 c1 2a fc ea cf 3f 22 68 22 e8 b1 b0 bc 01 ff cb 1f 3c 2e 48 59 6b dd e5 e4 3e de 59 58 83 f7 9c d9 0b bf f8 a1 37 88 fd f1 f4 cb b7 e0 df ff e5 59 e8 27 b6 64 22 b8 dd ae c3 3f 7e ef fd 70 e2 c0 98 68 3a 8d bb e1 c5 4e 6c 45 16 3b 1e de 41 0d ae bf fd f9 b3 70 93 2b 9b 8f bf ef 01 c1 a8 45 43 32 69 96 01 bd 27 be 4b 64 31 e9 b3 4f Data Ascii: z\Q)u#jdf"bSTcMUJ aY<G]Ix6:gs+o;%%xcNKbOX^*?"h"<.HYk>YX7Y'd"?~ph:NlE;Ap+EC2i'Kd1O
2024-07-11 17:39:59 UTC	8000	IN	Data Raw: af b0 d9 e1 00 3a 8a ca 35 bd ed 2b 72 b6 da 79 00 4c 0e c3 84 e6 3b 47 78 76 03 fb 67 37 00 87 0e eb c3 32 f2 6b cc 70 61 59 b1 10 42 ab d9 cc e2 a2 8c 3a ba 99 f2 b3 e9 72 ee 64 6d ac f9 70 6a 67 b0 6d 48 a2 21 0b 34 b2 6a 70 ea 90 20 80 25 44 52 f4 ad 72 d7 72 ee ca 8b 82 ec a5 7f f2 50 54 73 69 06 f7 9a d9 0f 1d f0 bf 8a d4 f9 3a aa 7d 83 3f d0 8f 3e 26 f5 91 a8 59 58 40 b6 b3 44 b9 43 e3 31 60 99 5d e2 ae fe 60 34 63 5a 66 43 c8 2e c1 72 e9 5b 66 22 79 06 a2 82 4a 89 5e c2 f2 a7 56 45 48 4a b8 64 a3 22 b3 d1 52 25 86 4c 0b 46 76 81 52 e6 bc 9e 2a f3 f8 77 17 e8 61 ec 09 f4 7b 10 3b 05 78 c0 a8 ea 4f a6 e2 18 ee fb 0e b5 ad 73 a6 41 6a 5a 18 34 3c d9 9e 34 09 c8 85 6c 63 71 96 5b b2 6d d1 60 40 1d de d4 88 ba 70 f9 05 f1 7a 4c 78 8a a6 55 83 74 7e 16 Data Ascii: :5+ryL;Gxvg72kpaYB:rdmpjgmH!4jp %DRrrPTsi:}?>&YX@DC1`]`4cZfC.r[f"yJ^VEHJd"R%LFvR*wa{;xOsAjZ4<4lcq[m`@pzLxUt~
2024-07-11 17:39:59 UTC	8000	IN	Data Raw: 5c 23 e3 9c 8c 1f 18 29 e7 71 62 ba 8a bb 8e 4f e2 d4 02 ed f2 13 23 28 17 3d 15 e1 56 bb 8b dd 76 5b 0c ab 4f 5a ed cb 45 38 7e 5e 96 e5 fe 42 f2 66 1c 7e 6e ee ef 62 93 0c 6c 9d 0c 8d 8d b3 40 c6 3a 51 ad 60 61 72 9c 72 bf 32 8a 85 bc 84 97 c2 3a 69 77 bc b3 76 f2 68 8d fc 0d 14 1a bf 05 a7 7d ed 1d b1 b7 fe 57 cf 25 2f db d0 b8 6b e1 4d fc 83 0f ff 13 fc b3 2f fc 34 ae 6c 5e c4 58 71 5b c0 0e af 75 a9 87 56 a6 82 a5 e2 31 23 9f 1d 16 a1 a4 cf 41 9e ed 66 f1 84 cf b5 57 c6 ec 5e 1d 86 84 29 11 48 7c 9d 1f a6 21 a9 0e b5 19 fd 16 ec 2c 5c c3 4a 29 7b 78 6a 78 bf ac 4f 86 76 6c de 23 44 b2 1d 31 b2 dd 3b 57 51 9e 5c c0 e8 b1 bb b0 bb 74 05 1b 97 9f 45 75 e1 9c 15 12 55 f1 e3 68 73 4c af 32 6a 5f 1a 16 3b 1f 30 0e 76 b0 d7 d3 aa 2f 5d 90 e2 e2 63 d9 74 22 Data Ascii: \#)qbO#(=Vv[OZE8~^Bf~nbl@:Q`arr2:iwvh}W%/kM/4l^Xq[uV1#AfW^)H\|!,\J){xjxOvl#D1;WQ\tEuUhsL2j_;0v/]ct"
2024-07-11 17:39:59 UTC	8000	IN	Data Raw: b8 48 b9 dc 28 79 b3 0e 6e 1d ec e0 a5 37 96 30 33 71 01 a3 b4 b0 d8 e8 e6 67 aa b8 71 7b 13 2f 93 d1 71 3e c7 9e ac db 6f e3 a1 eb c8 9d 00 dc 88 7a 7d e9 8e a0 94 25 0a e5 e6 a6 a7 31 ce bd 71 e4 71 98 e8 cc b7 4d f2 2f 43 96 42 a7 84 bc 1e 17 33 27 cf 60 f1 21 f6 92 1b db 3b d2 23 c7 c5 f1 b9 99 51 1c 5f 98 f3 ea a8 3d ee 68 e8 08 cb 85 5b 7d 78 33 f0 e8 61 1e 17 b3 5f ab eb f8 dc 47 a5 df ea e4 47 2d 40 ce d8 54 05 3f f8 b1 47 70 fe dc 02 3e f7 f5 57 a5 6b 9e cb 1a 9e b7 33 9f ee a6 c2 0f 0a c3 f7 53 da d6 4c 48 13 0e 5b bc 92 c3 5f fa ef 19 ca af 9b be 50 a9 98 71 29 1d 2b c2 a7 7b fe 6c 12 4c d0 89 a8 cc 3b 59 47 6a 6e cc 2a e9 b9 5d b9 28 fc c6 cd dd 55 0b c2 97 20 2b 1a c2 b2 46 cb 43 1c de 8f 26 70 89 ab ab 63 9e 3c 10 46 35 66 22 86 8c 96 d8 c5 Data Ascii: H(yn703qgq{/q>oz}%1qqM/CB3'`!;#Q_=h[}x3a_GG-@T?Gp>Wk3SLH[_Pq)+{lL;YGjn*](U +FC&pc<F5f"
2024-07-11 17:39:59 UTC	8000	IN	Data Raw: 87 3a 51 6f 1b 8a a8 6a fb 08 2a 59 c3 4b 48 aa f3 0e 9f 23 a3 61 d9 c0 f1 29 ec 6c ac e2 37 7f eb 8f 30 3a 3a 82 fb ee 3d 1f 48 55 f0 b5 60 a4 6f 95 8c ee 0b 4f be 81 0f be fb bc 80 0d 07 0d 5a 18 64 04 8e e3 75 05 30 c8 51 2e 65 b1 46 86 f7 e4 0b d7 71 e6 c4 14 ce 9f 9e 95 c2 33 5f 4c 1e 15 bd 5f 3f a0 90 b1 86 75 ca 0f 39 74 6c 34 bd 0d 92 bd d8 dc f4 a8 84 7d e2 c9 7c da 15 87 7c 39 91 e6 f3 68 5b 92 63 b9 5e 21 97 ff 8d a5 47 d6 e9 38 0c e0 30 10 c2 35 45 16 b9 9d f5 c3 4f fe 66 c4 92 43 4f 0e 13 4d 75 70 6e 46 e5 0e 84 95 95 0d 7c ed ab cf e0 a9 a7 9e c7 d2 d2 3a f2 e4 e9 aa e3 93 b2 be b4 53 80 9b c9 d3 05 c8 06 13 9b cc 66 d2 a0 ae 1b 23 2d f7 b1 00 d7 f2 98 99 59 79 23 c2 94 7f 9d 8d 88 45 c5 2d da c4 09 e2 3c cb 04 26 03 9b 8c be 36 98 f0 59 15 Data Ascii: :Qoj*YKH#a)l70::=HU`oOZdu0Q.eFq3_L_?u9tl4}\|\|9h[c^!G805EOfCOMupnF\|:Sf#-Yy#E-<&6Y
2024-07-11 17:39:59 UTC	8000	IN	Data Raw: 78 35 98 60 3a e9 6e fc 09 b7 b9 62 9b f7 b7 20 42 b5 fd e3 92 f9 1c 72 5b c8 70 e3 a8 4e a3 4c 69 c1 8a 0c 6b c3 75 1f 62 f1 f7 25 53 b1 ae f0 c9 cf 3d eb d4 8a 01 a3 81 0a 5f 16 c1 40 20 b7 37 5b 9b e9 b2 14 f9 b8 9e e1 da a9 03 62 bf 5e bb d5 8f b5 fa 57 7c 50 bb 97 97 3c 3f 9c 40 2e 6e 14 9f ae 24 8c 42 6b 2b e9 3c 76 6f f0 12 03 b1 82 61 4a d2 91 71 14 07 f9 55 28 e4 73 66 73 ba a8 4d 91 43 af 35 92 80 4d ed 56 de e3 ae c6 16 47 82 7f e9 36 5e f1 b3 d0 cd b8 9c 45 68 6b e6 bf 02 fa 1a df f5 df 82 cf c4 44 26 49 8c a7 25 6c 5b 3e 35 e1 4e ac 1f 19 c1 24 47 02 8a b8 69 9c 52 bd ab fb 1f 5b 86 51 f2 9d 06 cf 91 36 1a 64 be 46 3e 5b d1 98 31 13 b8 2c 0e e7 d4 bf e4 c0 2c a9 90 40 13 56 76 0d f3 c1 5d 36 29 87 58 f8 08 06 ba 9b da 84 54 3c f7 83 b0 05 bb Data Ascii: x5`:nb Br[pNLikub%S=_@ 7[b^W\|P<?@.n$Bk+<voaJqU(sfsMC5MVG6^EhkD&I%l[>5N$GiR[Q6dF>[1,,@Vv]6)XT<
2024-07-11 17:39:59 UTC	2249	IN	Data Raw: de 27 21 e1 8e 9c e4 77 6f f3 e1 aa cd af 7a ef 0a ef d3 a9 b0 dd e4 bd 5b cb 64 85 70 63 50 d7 a4 3c cf 07 7e 82 5f ff 39 ef ff 81 f7 81 10 d8 80 64 67 9f 17 16 85 c9 57 ef 92 d6 a0 c3 ac 2b 26 cd e5 ef 6e f1 84 7d e0 f8 3e 78 f2 8c 02 22 06 d9 14 ec c2 0a 6b 82 6f f3 e4 56 e6 97 9a 94 ef 5c 9f 87 33 2c 58 0a 94 38 73 64 0f 7c ed d5 6b ac 69 8e 69 13 74 9e b5 d8 6a 1a e8 fd 93 17 2f c1 33 0f 9d 60 df aa 05 37 58 08 f7 f0 f1 37 e6 12 f4 af c9 52 31 bb b4 a6 85 f8 ea 14 c2 e3 a7 0f c1 0a 7f 4f 4d e6 56 43 99 8d 0a 45 9c 66 5f 6d 8f 4e 85 ba fb c0 18 1c 67 3f ec fb 6f de d0 02 f5 a5 1f 5c 80 17 ce df 82 f7 6e cd c3 6e 16 e0 a9 85 15 fd 40 d7 b7 fa 1a e2 7f 9e fd 32 f5 1b 13 53 4b fa fd 27 d9 77 5a 64 4d f5 22 9b 82 4a 90 3a ad 66 92 86 a4 c2 09 e9 33 1a d2 Data Ascii: '!woz[dpcP<~_9dgW+&n}>x"koV\3,X8sd\|kiitj/3`7X7R1OMVCEf_mNg?o\nn@2SK'wZdM"J:f3

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.4	49772	46.21.150.242	443	2252	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-11 17:39:58 UTC	624	OUT	GET /images/winxvideo_ai_box.png HTTP/1.1 Host: www.burnaware.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.burnaware.com/after-install.html Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-11 17:39:59 UTC	649	IN	HTTP/1.1 200 OK Date: Thu, 11 Jul 2024 17:39:58 GMT Server: Apache/2 Strict-Transport-Security: max-age=31536000; includeSubDomains; Content-Security-Policy: upgrade-insecure-requests; Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Mon, 01 Apr 2024 12:57:30 GMT ETag: "16504-61508883ec280" Accept-Ranges: bytes Content-Length: 91396 Cache-Control: max-age=31536000 Expires: Fri, 11 Jul 2025 17:39:58 GMT X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN Permissions-Policy: geolocation=(),fullscreen=(self) Referrer-Policy: no-referrer-when-downgrade X-XSS-Protection: 1; mode=block Content-Type: image/png
2024-07-11 17:39:59 UTC	7543	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 d6 00 00 01 2c 08 06 00 00 00 bf 9d 4d e5 00 00 00 19 74 45 58 74 53 6f 66 74 77 61 72 65 00 41 64 6f 62 65 20 49 6d 61 67 65 52 65 61 64 79 71 c9 65 3c 00 00 03 22 69 54 58 74 58 4d 4c 3a 63 6f 6d 2e 61 64 6f 62 65 2e 78 6d 70 00 00 00 00 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 35 2e 33 2d 63 30 31 31 20 36 36 2e 31 34 35 36 36 31 2c 20 32 30 31 32 2f 30 32 2f 30 36 2d 31 34 3a 35 36 3a 32 37 20 20 Data Ascii: PNGIHDR,MtEXtSoftwareAdobe ImageReadyqe<"iTXtXML:com.adobe.xmp<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27
2024-07-11 17:39:59 UTC	8000	IN	Data Raw: 2c 71 3e 0b d6 8a 78 64 a2 a4 a9 e9 fa 93 a5 17 0d 29 e5 d8 08 e8 fe 3a 98 72 3f 01 8b fd 32 3b 85 33 76 ce c2 a2 35 16 c5 b1 dc 42 9a a1 c6 d2 ec 80 50 fb 04 66 4d d0 89 24 c6 fb b1 b6 8a c5 78 3f 7a 2f 94 e9 43 df d1 ea 2c 98 ea 43 51 f0 40 63 8d 64 89 96 22 4d 67 13 f7 e1 8b 37 65 06 4b 6b dd 8f 7e 4e 51 77 4f 75 4e 21 d0 85 56 95 b1 16 c8 1c 4e fa 44 2c 18 83 0d 1b 37 71 cc 6c 22 6a b6 9e be 7e 10 54 ed ac 67 3b 88 d6 67 01 7a b7 80 ac 68 06 39 eb 34 90 4d 53 03 4d 95 cf b2 99 eb 3b 75 33 42 7f 89 34 15 f9 7a 7a 6c 5c 3f 3e d0 08 42 33 cc 44 b1 7f 24 5c aa c6 7e 99 27 6e 3e 98 f5 33 19 71 09 ac 8b 11 6f 42 73 14 d5 65 b4 c5 46 88 fd c4 25 f6 1f 39 10 b0 9f 04 c4 a2 85 44 8c ad b1 e5 7e 72 2d f7 a3 86 43 32 99 80 ce 8e ae c7 e7 cf 9f 77 c2 b8 f9 58 1a Data Ascii: ,q>xd):r?2;3v5BPfM$x?z/C,CQ@cd"Mg7eKk~NQwOuN!VND,7ql"j~Tg;gzh94MSM;u3B4zzl\?>B3D$\~'n>3qoBseF%9D~r-C2wX
2024-07-11 17:39:59 UTC	8000	IN	Data Raw: cb 55 53 74 ab 85 27 2e 10 53 a6 4c 41 73 b3 02 5e b0 40 1a 6a ee 70 ec b1 2b 61 42 73 73 10 63 c1 73 35 e1 22 44 61 01 6e 8a 8e 93 3e 8d 9a 8b f2 d0 3e 72 cd b5 70 e4 91 47 32 e0 42 e8 e8 cc 59 b3 a1 12 c7 9f 28 65 84 c4 fa aa 58 29 fd 4b b1 be 34 9a b6 ed ed 6d 78 df 19 8e 13 12 ed 6c 18 b5 72 de 12 22 9a 37 04 5e 68 53 13 2c 36 3b 48 97 8a a4 91 05 61 17 0b 15 5e 98 bf a7 81 0f 15 c8 15 42 14 53 a8 22 25 35 0a 16 4b 3d 10 36 5c 8c f2 19 68 6c 7f 0c 72 a9 7a 18 9e 79 0a 14 b6 dc 44 4c 6b dc 29 01 89 f6 55 00 b9 ac b5 98 4a 46 85 0b 89 6a f0 cb 6b d8 fc 8e 0f ed c2 7d 86 59 88 3c ad b1 fc 20 7e 0b a1 c6 92 22 ac 43 e7 56 42 e5 9a 69 28 14 b4 e2 13 60 b0 ea d5 55 f0 f3 fb 7e 09 7f fe d3 5f 60 eb 96 6d 7c e1 44 e1 38 ec b0 43 e1 bc f3 cf 85 13 4e 38 8e 05 Data Ascii: USt'.SLAs^@jp+aBsscs5"Dan>>rpG2BY(eX)K4mxlr"7^hS,6;Ha^BS"%5K=6\hlrzyDLk)UJFjk}Y< ~"CVBi(`U~_`m\|D8CN8
2024-07-11 17:39:59 UTC	8000	IN	Data Raw: ac 04 8b eb 29 e0 fb f6 8e 0e ae b4 44 e6 a0 30 78 83 6a 9b a3 f2 72 b4 40 06 a0 a3 6a be cd 1a c1 33 7e 06 44 ea ec 0b 43 43 52 c2 a3 bb c7 2b ed e3 09 cf d4 55 b4 05 45 e8 18 9c 08 cd 36 47 bc 8b 7b 82 3a 4c 04 5d 4f 1d 8a 5a de 88 d2 54 2a 9d 1d e0 cb 71 91 39 61 3b d4 be 95 13 a7 fa 4a 3b cc 9b 7d 1d 67 1c d6 84 63 fa 8b b0 38 a6 d3 e4 40 ef a7 5a db 6a 35 6e 77 c7 14 11 81 0d 90 48 8f 03 cd 54 7b 85 f9 a8 28 88 93 9a 27 b0 c9 48 41 65 4f 78 4e 31 d4 d1 b2 66 66 ac 83 1f 74 b9 8c 65 3b 21 96 a3 cc e0 b8 6a d2 1e b6 21 0a bb 85 16 d8 f4 a3 34 13 be be dc 00 9a 72 23 e8 c3 56 9b 12 02 b1 d1 5e 7c ce 81 d6 f4 f3 41 8d 44 9a e7 43 03 83 4f bc ed f4 53 8e 8f 6b e4 c6 21 94 aa 62 27 c5 a5 cf 54 c5 53 2f b0 d7 49 88 08 c4 20 a1 ea e8 e8 62 98 9d 3e df 8b da Data Ascii: )D0xjr@j3~DCCR+UE6G{:L]OZT*q9a;J;}gc8@Zj5nwHT{('HAeOxN1ffte;!j!4r#V^\|ADCOSk!b'TS/I b>
2024-07-11 17:39:59 UTC	8000	IN	Data Raw: c8 e6 ab fb 16 34 63 a8 20 f0 c3 df be 85 15 5f 7d 06 ff fd 58 17 5a a6 e5 50 97 4d 45 3a 80 e5 7a f6 71 aa c5 59 80 3e d2 35 2e 1f 0c 1c 8d 16 65 ba 66 d4 fa 8c d9 ed ed 3a ab c9 db 14 58 d8 da 8f fc 80 69 56 57 0c 99 b4 18 e2 1a 32 16 9d 95 cc 62 49 78 82 1c 81 6d 72 31 0d 20 cb 91 0b 22 98 19 18 bd 83 03 be 43 48 bf 82 f4 ea 59 8b 1d 2c 1a a0 01 d5 55 f4 47 8a 16 99 22 78 51 ed cc d6 8a 61 e2 b8 f8 12 03 25 44 47 77 d1 92 7e 20 0d 8b af bc e2 2a dc f2 8b ff d6 81 b5 62 c5 07 70 e4 51 87 e3 de 7b ff 8a 97 5f 7c 05 ab df 5c 83 7f fe e3 39 7c fe fc 7f d1 08 0c bd 5a 73 8e 55 b2 c6 92 be 52 11 4a 99 55 ec cd 0b 06 2b 02 a3 c5 33 a6 ab 88 b3 a5 08 65 61 eb 35 c7 79 92 51 ba 19 43 28 ca c1 ed ac 2f b7 27 bc 28 12 7d 28 0a bd 49 75 11 51 7d 30 6f 6e 27 3a 66 Data Ascii: 4c _}XZPME:zqY>5.ef:XiVW2bIxmr1 "CHY,UG"xQa%DGw~ *bpQ{_\|\9\|ZsURJU+3ea5yQC(/'(}(IuQ}0on':f
2024-07-11 17:39:59 UTC	8000	IN	Data Raw: cf c4 b1 95 65 06 d2 05 6b 57 4a 99 14 1f cc 26 d9 cc 7c 7c 12 b3 2a 6d cc 06 8c da 22 62 3d fe 72 b4 a6 f8 39 99 eb 95 d3 49 49 64 b1 e5 2a f2 12 31 19 fa 4c 2d f6 7f fe e3 79 5c 76 d9 d7 b0 76 ed 3a 8d aa a8 55 07 b3 a3 a3 43 af 7c b4 73 91 6d cf e6 cd 9b b5 6f d6 35 d7 5e 8d 55 ab f6 d5 3c ad a9 2e cc 4a ab 7d a4 ad 1e 59 b1 30 64 ae ad b9 9c 82 4e 10 29 1f 49 eb 1b 28 22 c2 a3 c3 21 ba 85 8f d0 f6 33 d5 4a 4f 12 57 a4 22 e5 4f 7e a5 07 e7 8c 3d 50 e3 f4 21 46 25 38 21 51 8e 29 9b 22 b8 ec fb a7 46 06 dd 3e f5 b9 8f e1 d8 e3 8f c6 4d 27 3e 89 d7 9f 9d c4 4c 4c 43 21 a5 76 2b 39 8e c9 54 1e f9 74 01 93 32 8f 09 55 a8 4f a8 5d 20 2f 8b 28 a8 17 d3 a2 2e ea 43 1a f6 c4 83 6f ff 16 7b af 3a 19 2f fc f3 2e ad 2e 4b 88 09 87 9f f4 9b 0e f6 52 16 b1 be 21 19 Data Ascii: ekWJ&\|\|m"b=r9IId1L-y\vv:UC\|smo5^U<.J}Y0dN)I("!3JOW"O~=P!F%8!Q)"F>M'>LLC!v+9Tt2UO] /(.Co{:/..KR!
2024-07-11 17:39:59 UTC	8000	IN	Data Raw: 38 fa f8 d3 71 e7 df c7 71 d6 39 5f d2 02 33 0d f5 0d be af 99 10 65 7b 67 c9 f5 92 6a ea 8c da 11 bf f3 bd ef ef 60 d7 1a 36 6d f4 49 db 8c a0 5d 32 4f 75 d4 84 31 52 ce 93 91 b2 7a 4c 7e c4 04 96 4a d9 55 0e 0d bc b7 15 33 3f 38 1b 17 9e be 02 c3 03 a3 da f8 dd 6b 60 d8 dd 23 9d 16 91 86 7b 1c 08 a1 d5 57 71 b5 8f 88 e8 44 f0 1e 87 08 67 5a 46 0e d9 47 ad bb 86 89 94 65 4d 33 38 2b de 36 2f 04 18 97 50 db 82 76 76 76 e2 98 63 8e d0 29 de 37 af fa 0e fe fe d7 fb 35 a2 42 b7 37 d5 85 db df d7 8f bf fd ed 7e 5c 79 c5 55 78 e9 c5 97 31 7f fe 3c 4d 8e 1c d7 35 58 58 9a fa 31 8a 74 44 0f 89 68 f6 b1 fb 62 e4 b4 11 41 de 85 fd 5e f8 1d 9d 84 72 8c 64 90 15 cf d4 2d 81 20 98 ec 53 3b 57 db 10 8e f9 e6 ae d8 1b fb 62 04 a3 1a da 53 63 2a 2a 13 ec 3a d0 d4 7f 32 Data Ascii: 8qq9_3e{gj`6mI]2Ou1RzL~JU3?8k`#{WqDgZFGeM38+6/Pvvvc)75B7~\yUx1<M5XX1tDhbA^rd- S;WbSc**:2
2024-07-11 17:39:59 UTC	8000	IN	Data Raw: 1b 5e f8 82 17 c2 ab bf eb 35 f0 e0 83 2f c5 6b bd cc da 64 b4 48 7b e5 51 a2 6c 02 f9 ae 60 ef 00 a7 5b fe d4 d3 87 df 7d f7 dd 70 fe c2 39 f8 a5 5f fc 05 f8 c4 27 fe 27 3c f1 f8 a3 01 45 23 ff a3 c2 01 6d 02 df f4 c2 6f 86 d7 7e d7 b7 c1 f3 9e 7d 1a 6e 2d b5 61 79 a3 81 11 82 0a 11 c6 e0 40 1f 53 50 9f 3d 77 11 8e 1c 3e c8 e4 3e 4c e6 da d1 f1 34 32 15 36 03 6a 9b 58 e3 49 2b 2d b2 d8 44 ac bb 54 b4 58 c1 8d aa 2f 28 ca e4 22 33 31 87 67 4c 7a 7d 0c c8 2a 64 77 e5 2f 89 ff 92 51 00 cb 22 ac 64 0c 1d f2 34 c9 45 18 59 78 f9 98 3f fa b1 3f 9e 9f 9b 9b 9d ad 3b dc 15 f1 5d 50 05 eb 1d 6f 7f 37 73 59 fc c8 8f fc 00 7c f3 83 2f e2 9d 88 ca ee 71 fc 1e 6e c3 d3 1e 17 aa 7f 1d 01 64 87 46 86 61 df fe fd f0 c4 63 e7 59 9e 93 67 6b 98 fa ac 64 77 3f ae f0 39 c5 Data Ascii: ^5/kdH{Ql`[}p9_''<E#mo~}n-ay@SP=w>>L426jXI+-DTX/("31gLz}*dw/Q"d4EYx??;]Po7sY\|/qndFacYgkdw?9
2024-07-11 17:39:59 UTC	8000	IN	Data Raw: 4e 89 52 bf ca dc 67 bb 41 47 86 36 95 b3 90 17 95 78 28 10 9c 71 95 52 b2 19 e5 61 4d 99 80 6b a9 e0 b1 62 3f c2 f5 ce 7c 8e 26 d8 77 c9 70 3b 6d 05 bb db 4b b8 a9 ac e1 8d ce 60 6e 6e 8e 1b cb 94 6b 12 06 d1 93 a2 50 21 ed d0 7d 25 f8 f2 ff d8 81 ff f0 aa 0c 86 1a 83 70 6a e8 06 1a d7 23 b0 d4 bc 8a 81 5e 1b 2c 2e a0 c3 39 57 83 e5 11 70 b3 82 0d 2e cb 0f a8 3e 38 3c 70 14 0e d5 ee 46 43 1b 81 fb 5e 3b 06 df f1 fb f7 43 63 a5 03 3b ab 8d c4 5b 19 b3 97 d7 2a 2c 65 74 8f 45 e2 53 f7 9f 1e 83 ff f2 57 67 e1 ad 3f f8 09 5c d5 93 30 fc b4 53 98 22 a1 47 a5 75 d0 a6 92 3a fe 5b c2 f0 b7 8c f7 ae 82 8f 2a 3d f0 f7 41 34 86 e1 3e 18 1d 1c 85 f5 4d dc a5 17 5a f0 43 af 38 0e bf f2 ea 7b e1 ea 4a 03 76 d1 7b 64 99 2a 24 bb 89 1c 1a b8 d8 2b 25 3b 70 ea 20 4d 1d Data Ascii: NRgAG6x(qRaMkb?\|&wp;mK`nnkP!}%pj#^,.9Wp.>8<pFC^;Cc;[,etESWg?\0S"Gu:[=A4>MZC8{Jv{d*$+%;p M
2024-07-11 17:39:59 UTC	8000	IN	Data Raw: 2d 23 30 28 90 56 04 e5 e7 86 e2 63 08 05 4d 2e 2c 49 1b 79 f9 c0 2c 3f aa 9d 9f 28 de 7b 66 2b a7 38 e2 c2 29 e9 4b 02 f3 8d 8e 40 35 ea 6c b7 8d af e0 99 14 c0 29 a6 93 e9 aa 64 c1 ab 05 38 27 c8 52 99 12 e9 99 f2 bb b2 91 e3 e9 fe c6 eb c4 e8 8c 20 7d 51 45 d9 87 81 14 d2 95 e4 28 29 64 20 bf 81 29 31 11 ac 19 b3 d7 66 68 0c 4b 79 0a 5a 6e e5 29 52 42 2e e5 71 96 3a a8 63 1a 57 fc 49 9b 17 e9 ef 9e ad ca 72 4a 38 f8 6b e6 a6 b5 d9 d0 2c 1d 02 cb c8 66 59 20 b7 94 a8 09 70 32 37 26 87 60 d0 26 cd 5d 8d 32 81 a5 d6 86 86 59 d8 26 8d 6c d6 e7 45 1d 4c ae 04 6e 4c c2 36 64 44 31 24 a9 58 43 6c 49 fa f7 99 5c b8 98 e4 b1 3e 1a 14 eb c9 f8 02 9c 11 a8 f8 74 5f 4c cc 53 87 cd 26 82 26 ca a6 08 24 59 48 0c 23 a7 82 7b b2 8b e4 a6 88 23 38 94 3c 8d 25 14 e9 c4 Data Ascii: -#0(VcM.,Iy,?({f+8)K@5l)d8'R }QE()d )1fhKyZn)RB.q:cWIrJ8k,fY p27&`&]2Y&lELnL6dD1$XClI\>t_LS&&$YH#{#8<%

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.4	49771	46.21.150.242	443	2252	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-11 17:39:58 UTC	556	OUT	GET /js/bootstrap.min.js HTTP/1.1 Host: www.burnaware.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.burnaware.com/after-install.html Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-11 17:39:59 UTC	693	IN	HTTP/1.1 200 OK Date: Thu, 11 Jul 2024 17:39:58 GMT Server: Apache/2 Strict-Transport-Security: max-age=31536000; includeSubDomains; Content-Security-Policy: upgrade-insecure-requests; Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Tue, 12 May 2020 17:52:02 GMT ETag: "eb0e-5a5771eeb9480" Accept-Ranges: bytes Content-Length: 60174 Cache-Control: max-age=604800 Expires: Thu, 18 Jul 2024 17:39:58 GMT Vary: Accept-Encoding,User-Agent X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN Permissions-Policy: geolocation=(),fullscreen=(self) Referrer-Policy: no-referrer-when-downgrade X-XSS-Protection: 1; mode=block Content-Type: application/javascript
2024-07-11 17:39:59 UTC	7499	IN	Data Raw: 2f 2a 21 0a 20 20 2a 20 42 6f 6f 74 73 74 72 61 70 20 76 34 2e 35 2e 30 20 28 68 74 74 70 73 3a 2f 2f 67 65 74 62 6f 6f 74 73 74 72 61 70 2e 63 6f 6d 2f 29 0a 20 20 2a 20 43 6f 70 79 72 69 67 68 74 20 32 30 31 31 2d 32 30 32 30 20 54 68 65 20 42 6f 6f 74 73 74 72 61 70 20 41 75 74 68 6f 72 73 20 28 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 63 6f 6d 2f 74 77 62 73 2f 62 6f 6f 74 73 74 72 61 70 2f 67 72 61 70 68 73 2f 63 6f 6e 74 72 69 62 75 74 6f 72 73 29 0a 20 20 2a 20 4c 69 63 65 6e 73 65 64 20 75 6e 64 65 72 20 4d 49 54 20 28 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 63 6f 6d 2f 74 77 62 73 2f 62 6f 6f 74 73 74 72 61 70 2f 62 6c 6f 62 2f 6d 61 73 74 65 72 2f 4c 49 43 45 4e 53 45 29 0a 20 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 74 2c 65 29 7b 22 Data Ascii: /! Bootstrap v4.5.0 (https://getbootstrap.com/) * Copyright 2011-2020 The Bootstrap Authors (https://github.com/twbs/bootstrap/graphs/contributors) * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE) */!function(t,e){"
2024-07-11 17:39:59 UTC	8000	IN	Data Raw: 75 63 74 6f 72 3d 67 2c 65 2e 66 6e 2e 62 75 74 74 6f 6e 2e 6e 6f 43 6f 6e 66 6c 69 63 74 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 65 2e 66 6e 2e 62 75 74 74 6f 6e 3d 66 2c 67 2e 5f 6a 51 75 65 72 79 49 6e 74 65 72 66 61 63 65 7d 3b 76 61 72 20 6d 3d 22 63 61 72 6f 75 73 65 6c 22 2c 70 3d 22 2e 62 73 2e 63 61 72 6f 75 73 65 6c 22 2c 5f 3d 65 2e 66 6e 5b 6d 5d 2c 76 3d 7b 69 6e 74 65 72 76 61 6c 3a 35 65 33 2c 6b 65 79 62 6f 61 72 64 3a 21 30 2c 73 6c 69 64 65 3a 21 31 2c 70 61 75 73 65 3a 22 68 6f 76 65 72 22 2c 77 72 61 70 3a 21 30 2c 74 6f 75 63 68 3a 21 30 7d 2c 62 3d 7b 69 6e 74 65 72 76 61 6c 3a 22 28 6e 75 6d 62 65 72 7c 62 6f 6f 6c 65 61 6e 29 22 2c 6b 65 79 62 6f 61 72 64 3a 22 62 6f 6f 6c 65 61 6e 22 2c 73 6c 69 64 65 3a 22 28 62 Data Ascii: uctor=g,e.fn.button.noConflict=function(){return e.fn.button=f,g._jQueryInterface};var m="carousel",p=".bs.carousel",_=e.fn[m],v={interval:5e3,keyboard:!0,slide:!1,pause:"hover",wrap:!0,touch:!0},b={interval:"(number\|boolean)",keyboard:"boolean",slide:"(b
2024-07-11 17:39:59 UTC	8000	IN	Data Raw: 6c 65 6d 65 6e 74 3d 74 2c 74 68 69 73 2e 5f 63 6f 6e 66 69 67 3d 74 68 69 73 2e 5f 67 65 74 43 6f 6e 66 69 67 28 65 29 2c 74 68 69 73 2e 5f 74 72 69 67 67 65 72 41 72 72 61 79 3d 5b 5d 2e 73 6c 69 63 65 2e 63 61 6c 6c 28 64 6f 63 75 6d 65 6e 74 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 28 27 5b 64 61 74 61 2d 74 6f 67 67 6c 65 3d 22 63 6f 6c 6c 61 70 73 65 22 5d 5b 68 72 65 66 3d 22 23 27 2b 74 2e 69 64 2b 27 22 5d 2c 5b 64 61 74 61 2d 74 6f 67 67 6c 65 3d 22 63 6f 6c 6c 61 70 73 65 22 5d 5b 64 61 74 61 2d 74 61 72 67 65 74 3d 22 23 27 2b 74 2e 69 64 2b 27 22 5d 27 29 29 3b 66 6f 72 28 76 61 72 20 6e 3d 5b 5d 2e 73 6c 69 63 65 2e 63 61 6c 6c 28 64 6f 63 75 6d 65 6e 74 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 28 27 5b 64 61 74 61 2d 74 Data Ascii: lement=t,this._config=this._getConfig(e),this._triggerArray=[].slice.call(document.querySelectorAll('[data-toggle="collapse"][href="#'+t.id+'"],[data-toggle="collapse"][data-target="#'+t.id+'"]'));for(var n=[].slice.call(document.querySelectorAll('[data-t
2024-07-11 17:39:59 UTC	8000	IN	Data Raw: 6c 61 73 73 28 22 64 72 6f 70 64 6f 77 6e 2d 6d 65 6e 75 2d 72 69 67 68 74 22 29 3f 22 74 6f 70 2d 65 6e 64 22 3a 22 74 6f 70 2d 73 74 61 72 74 22 3a 74 2e 68 61 73 43 6c 61 73 73 28 22 64 72 6f 70 72 69 67 68 74 22 29 3f 6e 3d 22 72 69 67 68 74 2d 73 74 61 72 74 22 3a 74 2e 68 61 73 43 6c 61 73 73 28 22 64 72 6f 70 6c 65 66 74 22 29 3f 6e 3d 22 6c 65 66 74 2d 73 74 61 72 74 22 3a 65 28 74 68 69 73 2e 5f 6d 65 6e 75 29 2e 68 61 73 43 6c 61 73 73 28 22 64 72 6f 70 64 6f 77 6e 2d 6d 65 6e 75 2d 72 69 67 68 74 22 29 26 26 28 6e 3d 22 62 6f 74 74 6f 6d 2d 65 6e 64 22 29 2c 6e 7d 2c 69 2e 5f 64 65 74 65 63 74 4e 61 76 62 61 72 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 65 28 74 68 69 73 2e 5f 65 6c 65 6d 65 6e 74 29 2e 63 6c 6f 73 65 73 74 28 22 Data Ascii: lass("dropdown-menu-right")?"top-end":"top-start":t.hasClass("dropright")?n="right-start":t.hasClass("dropleft")?n="left-start":e(this._menu).hasClass("dropdown-menu-right")&&(n="bottom-end"),n},i._detectNavbar=function(){return e(this._element).closest("
2024-07-11 17:39:59 UTC	8000	IN	Data Raw: 2e 6f 66 66 28 22 72 65 73 69 7a 65 2e 62 73 2e 6d 6f 64 61 6c 22 29 7d 2c 6e 2e 5f 68 69 64 65 4d 6f 64 61 6c 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 74 3d 74 68 69 73 3b 74 68 69 73 2e 5f 65 6c 65 6d 65 6e 74 2e 73 74 79 6c 65 2e 64 69 73 70 6c 61 79 3d 22 6e 6f 6e 65 22 2c 74 68 69 73 2e 5f 65 6c 65 6d 65 6e 74 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 61 72 69 61 2d 68 69 64 64 65 6e 22 2c 21 30 29 2c 74 68 69 73 2e 5f 65 6c 65 6d 65 6e 74 2e 72 65 6d 6f 76 65 41 74 74 72 69 62 75 74 65 28 22 61 72 69 61 2d 6d 6f 64 61 6c 22 29 2c 74 68 69 73 2e 5f 69 73 54 72 61 6e 73 69 74 69 6f 6e 69 6e 67 3d 21 31 2c 74 68 69 73 2e 5f 73 68 6f 77 42 61 63 6b 64 72 6f 70 28 28 66 75 6e 63 74 69 6f 6e 28 29 7b 65 28 64 6f 63 75 6d 65 6e 74 2e 62 6f 64 79 Data Ascii: .off("resize.bs.modal")},n._hideModal=function(){var t=this;this._element.style.display="none",this._element.setAttribute("aria-hidden",!0),this._element.removeAttribute("aria-modal"),this._isTransitioning=!1,this._showBackdrop((function(){e(document.body
2024-07-11 17:39:59 UTC	8000	IN	Data Raw: 72 2e 63 6c 69 63 6b 2c 69 2e 5f 69 73 57 69 74 68 41 63 74 69 76 65 54 72 69 67 67 65 72 28 29 3f 69 2e 5f 65 6e 74 65 72 28 6e 75 6c 6c 2c 69 29 3a 69 2e 5f 6c 65 61 76 65 28 6e 75 6c 6c 2c 69 29 7d 65 6c 73 65 7b 69 66 28 65 28 74 68 69 73 2e 67 65 74 54 69 70 45 6c 65 6d 65 6e 74 28 29 29 2e 68 61 73 43 6c 61 73 73 28 22 73 68 6f 77 22 29 29 72 65 74 75 72 6e 20 76 6f 69 64 20 74 68 69 73 2e 5f 6c 65 61 76 65 28 6e 75 6c 6c 2c 74 68 69 73 29 3b 74 68 69 73 2e 5f 65 6e 74 65 72 28 6e 75 6c 6c 2c 74 68 69 73 29 7d 7d 2c 69 2e 64 69 73 70 6f 73 65 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 63 6c 65 61 72 54 69 6d 65 6f 75 74 28 74 68 69 73 2e 5f 74 69 6d 65 6f 75 74 29 2c 65 2e 72 65 6d 6f 76 65 44 61 74 61 28 74 68 69 73 2e 65 6c 65 6d 65 6e 74 2c 74 68 69 73 Data Ascii: r.click,i._isWithActiveTrigger()?i._enter(null,i):i._leave(null,i)}else{if(e(this.getTipElement()).hasClass("show"))return void this._leave(null,this);this._enter(null,this)}},i.dispose=function(){clearTimeout(this._timeout),e.removeData(this.element,this
2024-07-11 17:39:59 UTC	8000	IN	Data Raw: 3d 74 79 70 65 6f 66 20 6e 26 26 6e 3b 69 66 28 28 69 7c 7c 21 2f 64 69 73 70 6f 73 65 7c 68 69 64 65 2f 2e 74 65 73 74 28 6e 29 29 26 26 28 69 7c 7c 28 69 3d 6e 65 77 20 74 28 74 68 69 73 2c 6f 29 2c 65 28 74 68 69 73 29 2e 64 61 74 61 28 22 62 73 2e 74 6f 6f 6c 74 69 70 22 2c 69 29 29 2c 22 73 74 72 69 6e 67 22 3d 3d 74 79 70 65 6f 66 20 6e 29 29 7b 69 66 28 22 75 6e 64 65 66 69 6e 65 64 22 3d 3d 74 79 70 65 6f 66 20 69 5b 6e 5d 29 74 68 72 6f 77 20 6e 65 77 20 54 79 70 65 45 72 72 6f 72 28 27 4e 6f 20 6d 65 74 68 6f 64 20 6e 61 6d 65 64 20 22 27 2b 6e 2b 27 22 27 29 3b 69 5b 6e 5d 28 29 7d 7d 29 29 7d 2c 6f 28 74 2c 6e 75 6c 6c 2c 5b 7b 6b 65 79 3a 22 56 45 52 53 49 4f 4e 22 2c 67 65 74 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 22 34 2e 35 Data Ascii: =typeof n&&n;if((i\|\|!/dispose\|hide/.test(n))&&(i\|\|(i=new t(this,o),e(this).data("bs.tooltip",i)),"string"==typeof n)){if("undefined"==typeof i[n])throw new TypeError('No method named "'+n+'"');i[n]()}}))},o(t,null,[{key:"VERSION",get:function(){return"4.5
2024-07-11 17:39:59 UTC	4675	IN	Data Raw: 74 65 64 28 29 29 7b 73 26 26 28 6e 3d 64 6f 63 75 6d 65 6e 74 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 28 73 29 29 2c 74 68 69 73 2e 5f 61 63 74 69 76 61 74 65 28 74 68 69 73 2e 5f 65 6c 65 6d 65 6e 74 2c 6f 29 3b 76 61 72 20 68 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 6e 3d 65 2e 45 76 65 6e 74 28 22 68 69 64 64 65 6e 2e 62 73 2e 74 61 62 22 2c 7b 72 65 6c 61 74 65 64 54 61 72 67 65 74 3a 74 2e 5f 65 6c 65 6d 65 6e 74 7d 29 2c 6f 3d 65 2e 45 76 65 6e 74 28 22 73 68 6f 77 6e 2e 62 73 2e 74 61 62 22 2c 7b 72 65 6c 61 74 65 64 54 61 72 67 65 74 3a 69 7d 29 3b 65 28 69 29 2e 74 72 69 67 67 65 72 28 6e 29 2c 65 28 74 2e 5f 65 6c 65 6d 65 6e 74 29 2e 74 72 69 67 67 65 72 28 6f 29 7d 3b 6e 3f 74 68 69 73 2e 5f 61 63 74 69 76 61 74 65 28 6e 2c 6e 2e 70 Data Ascii: ted()){s&&(n=document.querySelector(s)),this._activate(this._element,o);var h=function(){var n=e.Event("hidden.bs.tab",{relatedTarget:t._element}),o=e.Event("shown.bs.tab",{relatedTarget:i});e(i).trigger(n),e(t._element).trigger(o)};n?this._activate(n,n.p

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.4	49774	46.21.150.242	443	2252	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-11 17:39:58 UTC	360	OUT	GET /images/facebook.png HTTP/1.1 Host: www.burnaware.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-11 17:39:59 UTC	645	IN	HTTP/1.1 200 OK Date: Thu, 11 Jul 2024 17:39:58 GMT Server: Apache/2 Strict-Transport-Security: max-age=31536000; includeSubDomains; Content-Security-Policy: upgrade-insecure-requests; Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Thu, 04 May 2023 08:28:30 GMT ETag: "3da-5fad9f5120780" Accept-Ranges: bytes Content-Length: 986 Cache-Control: max-age=31536000 Expires: Fri, 11 Jul 2025 17:39:58 GMT X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN Permissions-Policy: geolocation=(),fullscreen=(self) Referrer-Policy: no-referrer-when-downgrade X-XSS-Protection: 1; mode=block Content-Type: image/png
2024-07-11 17:39:59 UTC	986	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 18 00 00 00 18 08 06 00 00 00 e0 77 3d f8 00 00 00 04 73 42 49 54 08 08 08 08 7c 08 64 88 00 00 03 91 49 44 41 54 48 89 9d 96 5d 68 9b 65 14 c7 7f e7 6d 1a db 98 86 34 fd 48 bf d6 a6 1d dd d6 aa 4b 3b b1 cc 31 ad b3 60 45 11 ac 14 37 44 9d ec 46 ef e6 6e 06 0a 7a a9 30 04 dd 95 97 0a 32 d8 04 69 41 c5 0a 43 0a 1b 8a 08 ce c4 56 74 ab 31 4b e9 47 b2 34 cd fa 91 a6 69 f2 1e 2f d2 b4 5d cd 47 e7 ff f2 bc e7 f9 9d 0f ce 73 9e 57 28 22 6b 85 9d c6 fd bd 38 1b 3c d8 1c b5 c8 a6 5d 81 e4 ca 22 f1 70 90 b9 80 8f e4 ca 62 41 86 e4 33 da 1c 75 3c 74 7c 98 96 83 8f b9 8c 32 cb 49 e0 59 c0 0b e2 ce e2 09 03 3e 60 cc 34 cd 2b f3 01 5f 6c f2 da 97 2c 2d cc 94 0e d0 f6 f0 93 f4 0c bc 56 61 29 7f e0 1d e0 9c 88 d8 Data Ascii: PNGIHDRw=sBIT\|dIDATH]hem4HK;1`E7DFnz02iACVt1KG4i/]GsW("k8<]"pbA3u<t\|2IY>`4+_l,-Va)

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.4	49775	46.21.150.242	443	2252	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-11 17:39:58 UTC	356	OUT	GET /images/logo.png HTTP/1.1 Host: www.burnaware.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-11 17:39:59 UTC	646	IN	HTTP/1.1 200 OK Date: Thu, 11 Jul 2024 17:39:58 GMT Server: Apache/2 Strict-Transport-Security: max-age=31536000; includeSubDomains; Content-Security-Policy: upgrade-insecure-requests; Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Wed, 25 Jan 2023 19:17:48 GMT ETag: "bd5-5f31b7cdbcf00" Accept-Ranges: bytes Content-Length: 3029 Cache-Control: max-age=31536000 Expires: Fri, 11 Jul 2025 17:39:58 GMT X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN Permissions-Policy: geolocation=(),fullscreen=(self) Referrer-Policy: no-referrer-when-downgrade X-XSS-Protection: 1; mode=block Content-Type: image/png
2024-07-11 17:39:59 UTC	3029	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 74 00 00 00 1e 08 06 00 00 00 fd f5 3a 1b 00 00 00 19 74 45 58 74 53 6f 66 74 77 61 72 65 00 41 64 6f 62 65 20 49 6d 61 67 65 52 65 61 64 79 71 c9 65 3c 00 00 03 22 69 54 58 74 58 4d 4c 3a 63 6f 6d 2e 61 64 6f 62 65 2e 78 6d 70 00 00 00 00 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 35 2e 33 2d 63 30 31 31 20 36 36 2e 31 34 35 36 36 31 2c 20 32 30 31 32 2f 30 32 2f 30 36 2d 31 34 3a 35 36 3a 32 37 20 20 Data Ascii: PNGIHDRt:tEXtSoftwareAdobe ImageReadyqe<"iTXtXML:com.adobe.xmp<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.4	49779	46.21.150.242	443	2252	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-11 17:39:59 UTC	611	OUT	GET /images/free_burning_software.png HTTP/1.1 Host: www.burnaware.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.burnaware.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-11 17:39:59 UTC	648	IN	HTTP/1.1 200 OK Date: Thu, 11 Jul 2024 17:39:59 GMT Server: Apache/2 Strict-Transport-Security: max-age=31536000; includeSubDomains; Content-Security-Policy: upgrade-insecure-requests; Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Tue, 26 Mar 2024 18:30:07 GMT ETag: "73ed-614947aba29c0" Accept-Ranges: bytes Content-Length: 29677 Cache-Control: max-age=31536000 Expires: Fri, 11 Jul 2025 17:39:59 GMT X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN Permissions-Policy: geolocation=(),fullscreen=(self) Referrer-Policy: no-referrer-when-downgrade X-XSS-Protection: 1; mode=block Content-Type: image/png
2024-07-11 17:39:59 UTC	7544	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 90 00 00 00 f2 08 06 00 00 00 63 f4 93 29 00 00 00 19 74 45 58 74 53 6f 66 74 77 61 72 65 00 41 64 6f 62 65 20 49 6d 61 67 65 52 65 61 64 79 71 c9 65 3c 00 00 03 22 69 54 58 74 58 4d 4c 3a 63 6f 6d 2e 61 64 6f 62 65 2e 78 6d 70 00 00 00 00 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 35 2e 33 2d 63 30 31 31 20 36 36 2e 31 34 35 36 36 31 2c 20 32 30 31 32 2f 30 32 2f 30 36 2d 31 34 3a 35 36 3a 32 37 20 20 Data Ascii: PNGIHDRc)tEXtSoftwareAdobe ImageReadyqe<"iTXtXML:com.adobe.xmp<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27
2024-07-11 17:39:59 UTC	8000	IN	Data Raw: 9a 9f 83 d7 e7 c7 f0 85 0f f1 e1 a9 11 3c fa f4 73 48 c4 a7 60 b4 da 61 67 c2 f5 9e 6b 38 ec fa 5c eb 36 b3 7b d9 db 1b f3 9d 43 c8 fe e7 b7 4f 25 52 15 1b 04 27 3e a3 c3 8d 27 1f 3f aa 6c e1 e9 af 9a 02 8d ca a7 14 09 76 8f 8e ae 76 54 b0 63 d8 7d 6c 18 74 b9 8b 8f 67 3b f6 ec dd a7 7c 8f 26 64 1c 63 f7 50 b2 c0 7a 1d f9 63 ba 3a 32 ff a3 f1 34 b6 ef de 5b 72 3f 9e 35 40 82 a5 77 00 ad bd fc 1a 12 bc 5e 97 f2 4c 8f 3d 71 4c 79 38 1e 41 36 b0 73 87 72 3c 1f 60 8f b3 df db b2 f3 7c f8 7a 2a 7d fd 03 e8 43 76 e0 9e 59 29 cd ad cd 4a bd 2c ba dd e8 d4 59 14 52 ed ea df 89 2e 7e 7c 8a 59 1b 5d dd f9 fb 77 77 b4 2b 83 ff 89 44 0a e4 c1 aa 4b aa d1 26 81 68 37 8c 97 34 13 65 a1 a6 44 82 09 22 2f 8e 1c 39 82 2b 57 ae 20 12 89 c0 66 b3 65 66 76 af 2e e2 9d 37 3f Data Ascii: <sH`agk8\6{CO%R'>'?lvvTc}ltg;\|&dcPzc:24[r?5@w^L=qLy8A6sr<`\|z*}CvY)J,YR.~\|Y]ww+DK&h74eD"/9+W fefv.7?
2024-07-11 17:39:59 UTC	8000	IN	Data Raw: 81 3c 67 55 02 37 47 26 f1 f4 b7 be 8d a9 93 ef e3 d2 d9 cb 58 1c 1f 86 e8 68 82 c8 48 e2 da 8f 7f 0c ab bb 19 df fe c6 0b 8c 6a 4c 18 dc fb 10 46 4e be 82 f9 86 4e a4 4c 46 9c 3b f9 09 dc 7e 3f 76 ed 37 de b5 a5 6e 09 f7 17 f5 36 13 7d dd 74 ee 2a 0a d1 a4 05 a2 49 b6 a5 6c bc 75 89 89 89 19 26 c8 03 98 4d eb 31 77 79 14 b7 47 66 d0 dd da 09 bd dd 88 a1 e1 9b 90 d8 4b 6f 52 2c 11 b9 a2 0e 06 d1 86 47 1e 19 c4 db af bd 8e 83 7b 76 60 ff a1 18 ec 66 3d ce 9f bd 82 5d 5f 38 04 af 3e 8a a0 e0 84 d1 60 82 df 67 c5 a9 cb 17 f1 f8 f3 5f 85 cf 6e c3 e5 91 5b 48 37 79 d9 3e 01 f1 64 9a c8 83 b0 f9 ac 10 2d 46 61 69 72 26 3a 8d 83 d4 27 24 19 6d 6d 4d 98 9d 9f c1 fc 4a 14 bb 8d cd 10 52 51 f8 07 5b b0 2b d5 80 a1 cb 43 90 25 09 cd cd 4d 55 35 b2 d6 9e dd 78 39 bb Data Ascii: <gU7G&XhHjLFNNLF;~?v7n6}t*Ilu&M1wyGfKoR,G{v`f=]_8>`g_n[H7y>d-Fair&:'$mmMJRQ[+C%MU5x9
2024-07-11 17:39:59 UTC	6133	IN	Data Raw: 8e 18 a2 b9 64 4d c0 c8 28 0e 1f 19 82 fa 3e 19 c2 3b 84 0f 86 92 8b bd 45 c0 8a 12 62 69 be 6f 99 96 c4 20 3d 37 b3 53 9f ab f4 5a 4b 2f ee 5b c1 13 72 40 56 6a 84 15 6d 17 9f 2b 3a ef da 2f c3 0e c3 04 20 d1 c0 ec 92 4c 10 36 9d 2c 0c 5d 8a cf 18 48 ab b5 34 e7 33 cb 7e 4e d3 b4 f7 4b 50 43 10 28 4a 3d a3 a7 49 07 75 6f 9a 13 90 02 78 e8 94 77 f1 df c4 f9 88 2d b5 ef 15 16 56 84 a9 a4 38 2e 4e 22 fe 59 ad 76 c9 76 4b dd 43 60 2c b1 d5 52 40 17 fb 7e 7a 7a 9a 58 61 9b 4d 75 30 97 f4 77 7f ff 8f 6f 3d 7f fe fc 5f 5e 7f fd b5 df 11 0e ba d0 08 63 74 27 83 49 d2 7c 0e 03 37 e5 c2 f9 4a f5 77 b4 94 a9 35 8e b5 60 44 53 36 11 0f 1c 75 a7 12 8d 34 09 78 d0 84 a7 9b f1 b0 e8 e9 75 6b eb 05 4f 8d c1 a5 c8 75 3a 9a c5 85 d5 59 14 94 03 e9 22 d4 4c 57 56 74 48 ea Data Ascii: dM(>;Ebio =7SZK/[r@Vjm+:/ L6,]H43~NKPC(J=Iuoxw-V8.N"YvvKC`,R@~zzXaMu0wo=_^ct'I\|7Jw5`DS6u4xukOu:Y"LWVtH

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.4	49780	46.21.150.242	443	2252	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-11 17:39:59 UTC	610	OUT	GET /images/dvd_burning_software.jpg HTTP/1.1 Host: www.burnaware.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.burnaware.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-11 17:39:59 UTC	649	IN	HTTP/1.1 200 OK Date: Thu, 11 Jul 2024 17:39:59 GMT Server: Apache/2 Strict-Transport-Security: max-age=31536000; includeSubDomains; Content-Security-Policy: upgrade-insecure-requests; Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Wed, 25 Jan 2023 18:34:36 GMT ETag: "583e-5f31ae25d0700" Accept-Ranges: bytes Content-Length: 22590 Cache-Control: max-age=31536000 Expires: Fri, 11 Jul 2025 17:39:59 GMT X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN Permissions-Policy: geolocation=(),fullscreen=(self) Referrer-Policy: no-referrer-when-downgrade X-XSS-Protection: 1; mode=block Content-Type: image/jpeg
2024-07-11 17:39:59 UTC	7543	IN	Data Raw: ff d8 ff e1 00 18 45 78 69 66 00 00 49 49 2a 00 08 00 00 00 00 00 00 00 00 00 00 00 ff ec 00 11 44 75 63 6b 79 00 01 00 04 00 00 00 50 00 00 ff e1 03 2b 68 74 74 70 3a 2f 2f 6e 73 2e 61 64 6f 62 65 2e 63 6f 6d 2f 78 61 70 2f 31 2e 30 2f 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 35 2e 33 2d 63 30 31 31 20 36 36 2e 31 34 35 36 36 31 2c 20 32 30 31 32 2f 30 32 2f 30 36 2d 31 34 3a 35 36 3a 32 37 20 20 20 20 20 20 20 20 22 3e 20 3c 72 64 66 3a 52 44 46 20 78 6d Data Ascii: ExifII*DuckyP+http://ns.adobe.com/xap/1.0/<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xm
2024-07-11 17:39:59 UTC	8000	IN	Data Raw: 9b 35 11 89 95 c5 66 64 19 99 5c 18 99 5c 19 99 5c 56 66 57 11 89 95 54 99 51 9c 83 39 51 aa 53 66 d9 c6 ba 4d fd 91 fc 52 f5 27 91 eb a7 a1 b4 71 dd b6 29 1d 6b 5e 33 f9 39 5f d7 ea 0f 45 35 7a 7d 7c 6b af ba df 5d ff 00 54 fe 4c 5b d5 f3 4f 67 4b 6c b4 f3 9e 1e 04 e5 35 cf 2b 88 93 65 c5 67 b9 70 62 6d e6 60 cc dd 71 58 ef f3 5c 18 9b ae 0c cd fc d7 17 18 9b 98 33 37 5c 31 3b c5 c4 ef 0c 4e ff 00 30 c4 ef f3 17 0e ff 00 30 c4 ef 13 17 bf cc 5c 3b fc c3 1a ef f3 13 0e e0 c5 ef 0c 5e f3 13 1a 8b 26 0b de 61 8b 16 31 1a c8 2f 77 9a 06 7c c4 6a 2d 30 98 a4 cd 6d 18 b5 62 7c cc 35 89 d5 59 f9 6d 8f 29 e2 ba ae 76 a5 eb ce 33 1e 30 ba 24 5b c1 47 48 b4 5b 85 a3 de ce 2b 33 59 8e 31 c6 01 8c 8a eb af 6d a9 68 b5 67 13 1c a5 2f 32 cc a4 b8 fb 1a 3d 4d 77 47 6d Data Ascii: 5fd\\\VfWTQ9QSfMR'q)k^39_E5z}\|k]TL[OgKl5+egpbm`qX\37\1;N00\;^&a1/w\|j-0mb\|5Ym)v30$[GH[+3Y1mhg/2=MwGm
2024-07-11 17:39:59 UTC	7047	IN	Data Raw: 00 00 00 00 18 17 15 14 00 00 00 00 00 01 70 21 80 d5 01 00 00 00 51 55 00 01 11 55 51 13 54 34 0d 00 10 00 51 8b de b4 8e 3c fc 1a e7 9d 73 ef f4 9c ff 00 eb c5 b3 74 de 79 bb f3 c6 3c fd 75 6f 97 0c e5 b8 ca 4a 8c aa 88 3a 53 5c df 8e 7b 69 1c ef 3f c1 9b d6 0e 93 6a d2 3b 75 c6 33 ce dd 65 9c b7 c9 ae 53 2d c8 8c 65 a1 9c 83 33 22 b3 96 91 26 45 62 67 dd 0a 3b 6b f4 f7 d9 1d d6 fe 5e bf aa 79 cf b2 18 eb b9 07 aa bf 6f 4c 4c 6a ae 27 ae c9 e3 69 62 cb d7 93 58 99 ca c4 65 71 13 20 4c aa b3 90 49 9f 7e 79 40 ad fd bc 46 76 db b2 3e 9f dd 3f 92 7b 6f 85 58 bd ad fa 34 6b 9f 3c 73 f7 ca 64 fe a2 c6 88 8e 3b b6 71 fa 2b c6 7d f2 7b 7d 0d c5 eb 4f d3 aa 91 4f 67 19 9f 7a 59 be 53 57 ed ec 9e 37 98 a4 78 cf 3f 81 ed 3f 86 18 d5 5e 93 b2 7c f8 47 c1 3e 68 4e Data Ascii: p!QUUQT4Q<sty<uoJ:S\{i?j;u3eS-e3"&Ebg;k^yoLLj'ibXeq LI~y@Fv>?{oX4k<sd;q+}{}OOgzYSW7x??^\|G>hN

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.4	49782	46.21.150.242	443	2252	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-11 17:39:59 UTC	356	OUT	GET /images/help.png HTTP/1.1 Host: www.burnaware.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-11 17:39:59 UTC	646	IN	HTTP/1.1 200 OK Date: Thu, 11 Jul 2024 17:39:59 GMT Server: Apache/2 Strict-Transport-Security: max-age=31536000; includeSubDomains; Content-Security-Policy: upgrade-insecure-requests; Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Thu, 04 May 2023 08:28:54 GMT ETag: "611-5fad9f6803d80" Accept-Ranges: bytes Content-Length: 1553 Cache-Control: max-age=31536000 Expires: Fri, 11 Jul 2025 17:39:59 GMT X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN Permissions-Policy: geolocation=(),fullscreen=(self) Referrer-Policy: no-referrer-when-downgrade X-XSS-Protection: 1; mode=block Content-Type: image/png
2024-07-11 17:39:59 UTC	1553	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 18 00 00 00 18 08 06 00 00 00 e0 77 3d f8 00 00 00 04 73 42 49 54 08 08 08 08 7c 08 64 88 00 00 05 c8 49 44 41 54 48 89 7d 55 6d 70 54 d5 19 7e de 7b ee bd 0b bb 09 98 6f 48 4c 76 03 56 36 90 40 a1 e0 0f 31 52 9c 16 21 da 36 a3 16 a5 30 95 b1 05 d4 d2 5a ec c0 a0 0e a2 32 cd 4c 5b 9d da b1 1f 0e 3a ad 1d c4 14 3b 95 b4 e3 54 9d 51 42 d8 e1 43 09 24 15 98 ec e4 cb 08 8d c4 00 f9 d8 8f 9b bb f7 9e 7b de fe 58 76 59 24 e9 3b 73 7e dc f7 9c f3 3e cf 79 9e 73 cf 4b f8 3f 51 50 50 88 6f d5 df 89 da f2 4a 94 9b 3e f0 95 51 b0 e3 80 02 7e 5c f2 5c 9c bd 3c 8c d6 8e 76 0c 0d 0d 4d 59 83 26 4b 56 56 56 61 c7 ce a7 71 cf dd 6b 0a 11 39 fe a0 77 f2 f4 6a 4e 5a 8b 90 48 96 b1 52 44 a6 31 04 d3 fc 54 5f 71 c7 7b Data Ascii: PNGIHDRw=sBIT\|dIDATH}UmpT~{oHLvV6@1R!60Z2L[:;TQBC${XvY$;s~>ysK?QPPoJ>Q~\\<vMY&KVVVaqk9wjNZHRD1T_q{

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.4	49783	46.21.150.242	443	2252	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-11 17:39:59 UTC	601	OUT	GET /images/disc_burner.png HTTP/1.1 Host: www.burnaware.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.burnaware.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-11 17:39:59 UTC	646	IN	HTTP/1.1 200 OK Date: Thu, 11 Jul 2024 17:39:59 GMT Server: Apache/2 Strict-Transport-Security: max-age=31536000; includeSubDomains; Content-Security-Policy: upgrade-insecure-requests; Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Wed, 09 Jun 2021 12:21:20 GMT ETag: "7e2-5c4544fe11000" Accept-Ranges: bytes Content-Length: 2018 Cache-Control: max-age=31536000 Expires: Fri, 11 Jul 2025 17:39:59 GMT X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN Permissions-Policy: geolocation=(),fullscreen=(self) Referrer-Policy: no-referrer-when-downgrade X-XSS-Protection: 1; mode=block Content-Type: image/png
2024-07-11 17:39:59 UTC	2018	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 20 00 00 00 20 08 06 00 00 00 73 7a 7a f4 00 00 00 04 73 42 49 54 08 08 08 08 7c 08 64 88 00 00 07 99 49 44 41 54 58 85 ad 97 6b 4c 5b e7 19 c7 ff cf f1 39 d8 c6 17 8a 0d 0e 76 02 c4 86 30 65 6e 0d 69 48 80 26 cb 96 0e 39 25 d7 42 88 b6 e6 d2 ad 53 99 a6 7d 99 34 a9 db 87 49 9b d6 6f dd a4 49 f9 b2 2f 51 37 6d 5d 03 5d b3 84 04 8d 04 8f 90 a8 6b 03 54 c9 8a 93 60 28 6d ed 04 12 03 c6 07 63 b0 b1 8d c1 cf 3e 60 a7 e4 c2 b8 68 7f e9 48 e7 bc e7 3d e7 f7 7f 6f cf fb 3e 84 65 54 58 58 8c 5d bb 77 c3 60 30 2e 16 10 b4 04 ec 07 e8 65 00 0e 00 36 22 e4 00 00 33 c2 00 bc 00 6e 03 dc c5 40 3b 80 08 18 98 8d cd e2 d3 9e 1e 78 3c 77 9f c9 a1 27 0b 44 51 44 6d ad 13 b6 92 52 80 08 60 b6 11 e1 17 00 9d 20 22 cd Data Ascii: PNGIHDR szzsBIT\|dIDATXkL[9v0eniH&9%BS}4IoI/Q7m]]kT`(mc>`hH=o>eTXX]w`0.e6"3n@;x<w'DQDmR` "

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.4	49790	46.21.150.242	443	2252	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-11 17:39:59 UTC	603	OUT	GET /images/best_software.png HTTP/1.1 Host: www.burnaware.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.burnaware.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-11 17:40:00 UTC	645	IN	HTTP/1.1 200 OK Date: Thu, 11 Jul 2024 17:39:59 GMT Server: Apache/2 Strict-Transport-Security: max-age=31536000; includeSubDomains; Content-Security-Policy: upgrade-insecure-requests; Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Thu, 08 Sep 2022 17:41:00 GMT ETag: "3c3-5e82deebba300" Accept-Ranges: bytes Content-Length: 963 Cache-Control: max-age=31536000 Expires: Fri, 11 Jul 2025 17:39:59 GMT X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN Permissions-Policy: geolocation=(),fullscreen=(self) Referrer-Policy: no-referrer-when-downgrade X-XSS-Protection: 1; mode=block Content-Type: image/png
2024-07-11 17:40:00 UTC	963	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 20 00 00 00 20 08 06 00 00 00 73 7a 7a f4 00 00 00 04 73 42 49 54 08 08 08 08 7c 08 64 88 00 00 03 7a 49 44 41 54 58 85 ed 56 6d 4c 5b 55 18 7e de 7b 4b b1 d5 1f c2 68 4b 28 fe 60 83 52 03 da 82 21 04 06 65 34 db 62 64 6c 73 89 ca dc 4f d1 f1 e9 07 f2 9f 14 14 30 71 d9 f6 c7 8f c4 08 4c 7f e8 2f 5d 67 58 98 11 3a 43 34 b6 7c 64 6b 0b 41 61 a4 5b 83 09 42 4d a0 0a 6d b8 3d fe 90 bb 95 d2 8f 4b a9 99 31 3e c9 9b 7b f2 9e f7 9c e7 b9 cf b9 e7 9c 4b 90 88 82 02 1d 8e 1d 7f 16 44 04 80 99 00 ea 00 50 0e 80 03 30 c9 80 cb 04 8c 00 80 db e5 84 cd 36 2a 69 5e 5e 4a 91 4c 26 c3 c9 93 a7 91 96 96 06 10 bd 4d a0 cf 89 48 4f 44 8f 11 d1 a3 44 94 4f c0 39 00 72 00 a3 2a 95 1a 5e ef 3d f8 fd eb 09 e7 26 b1 91 91 Data Ascii: PNGIHDR szzsBIT\|dzIDATXVmL[U~{KhK(`R!e4bdlsO0qL/]gX:C4\|dkAa[BMm=K1>{KDP06i^^JL&MHODDO9r^=&

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.4	49788	46.21.150.242	443	2252	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-11 17:39:59 UTC	603	OUT	GET /images/free_software.png HTTP/1.1 Host: www.burnaware.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.burnaware.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-11 17:40:00 UTC	646	IN	HTTP/1.1 200 OK Date: Thu, 11 Jul 2024 17:39:59 GMT Server: Apache/2 Strict-Transport-Security: max-age=31536000; includeSubDomains; Content-Security-Policy: upgrade-insecure-requests; Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Wed, 09 Jun 2021 12:21:12 GMT ETag: "950-5c4544f66fe00" Accept-Ranges: bytes Content-Length: 2384 Cache-Control: max-age=31536000 Expires: Fri, 11 Jul 2025 17:39:59 GMT X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN Permissions-Policy: geolocation=(),fullscreen=(self) Referrer-Policy: no-referrer-when-downgrade X-XSS-Protection: 1; mode=block Content-Type: image/png
2024-07-11 17:40:00 UTC	2384	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 20 00 00 00 20 08 06 00 00 00 73 7a 7a f4 00 00 00 04 73 42 49 54 08 08 08 08 7c 08 64 88 00 00 09 07 49 44 41 54 58 85 a5 97 69 70 d5 e5 15 c6 7f cf ff fe ef 92 7b 13 72 03 09 21 21 ac 41 01 91 30 48 54 d0 8a 0b 9b 33 85 4e 67 6c dd b5 4d a5 74 1c 29 ae e0 87 76 a6 03 d3 69 a7 80 0b ad 38 52 db 6a eb 52 5b 64 b4 a2 56 0c ca e2 42 64 93 84 1d 0c 4b cc 0e d9 b7 9b 9b dc ff e9 87 9b a0 20 62 1d cf d7 f7 7d cf 73 de 73 de f3 bc cf 11 ff 87 a5 67 0e 67 d2 35 77 30 62 c2 74 fc fe 14 10 02 fb 21 68 09 d0 01 fc c1 cc 8a 05 98 a0 bc b4 98 fd 1f ad a5 a1 f6 e8 37 fa d6 85 16 07 0f 9f c8 b8 cb e7 91 3f 69 16 20 64 e6 07 dd 89 58 2c 69 dc 97 f7 9a d9 6e 60 39 b0 ce cc 12 18 d4 56 94 b1 fb bd bf 52 77 b2 ec db Data Ascii: PNGIHDR szzsBIT\|dIDATXip{r!!A0HT3NglMt)vi8RjR[dVBdK b}ssgg5w0bt!h7?i dX,in`9VRw

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.4	49791	46.21.150.242	443	2252	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-11 17:39:59 UTC	368	OUT	GET /images/boxshot_ultimate.png HTTP/1.1 Host: www.burnaware.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-11 17:40:00 UTC	649	IN	HTTP/1.1 200 OK Date: Thu, 11 Jul 2024 17:39:59 GMT Server: Apache/2 Strict-Transport-Security: max-age=31536000; includeSubDomains; Content-Security-Policy: upgrade-insecure-requests; Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Mon, 01 Apr 2024 12:57:12 GMT ETag: "10100-61508872c1a00" Accept-Ranges: bytes Content-Length: 65792 Cache-Control: max-age=31536000 Expires: Fri, 11 Jul 2025 17:39:59 GMT X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN Permissions-Policy: geolocation=(),fullscreen=(self) Referrer-Policy: no-referrer-when-downgrade X-XSS-Protection: 1; mode=block Content-Type: image/png
2024-07-11 17:40:00 UTC	7543	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 dc 00 00 01 2c 08 06 00 00 00 a8 bf dd 2c 00 00 00 19 74 45 58 74 53 6f 66 74 77 61 72 65 00 41 64 6f 62 65 20 49 6d 61 67 65 52 65 61 64 79 71 c9 65 3c 00 00 03 22 69 54 58 74 58 4d 4c 3a 63 6f 6d 2e 61 64 6f 62 65 2e 78 6d 70 00 00 00 00 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 35 2e 33 2d 63 30 31 31 20 36 36 2e 31 34 35 36 36 31 2c 20 32 30 31 32 2f 30 32 2f 30 36 2d 31 34 3a 35 36 3a 32 37 20 20 Data Ascii: PNGIHDR,,tEXtSoftwareAdobe ImageReadyqe<"iTXtXML:com.adobe.xmp<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27
2024-07-11 17:40:00 UTC	8000	IN	Data Raw: 37 d0 5f 13 88 a4 29 5d 0c 40 2b 36 76 3d 62 c5 10 af 6f 8c 86 76 f1 17 8e ed 1b 71 56 c3 9c e0 2e fb a3 17 e7 0d a0 4c bf 5f 94 02 1c 19 1d 84 7d dc 8d 24 24 f8 1a b7 74 bf f5 d9 b3 f0 6b bf f0 88 b0 a0 47 79 ac 77 78 62 00 9e b9 b6 08 30 51 4b 3e b7 c2 af ff b3 cf 5c 85 4a 4f 95 bb b4 e5 04 e0 10 1e 09 3f e6 5e 1e 73 8a 94 86 a2 98 fe f4 d1 57 e0 4b df b9 0a 93 5c 39 d2 ab 3f fb 43 a7 e1 91 07 0e 8b bf 51 ca e6 eb 2f ce 88 bd d0 cb ef 65 d8 49 a9 0d ed cd c4 3c 4a 38 bb 30 3c 70 22 8b 98 dd 4d 1d 5a 6e 87 d2 d9 9c a0 97 cc aa 46 41 cc 2e bd c9 e2 2d 41 ad 98 96 e9 e5 48 8c ac 04 4b 07 86 18 f4 e1 0c 6c 64 e9 d4 f4 28 1c 1b eb 81 21 c6 63 31 d6 82 a9 1e 06 bf f4 be fb e0 ed f7 1d 4c b5 21 8f 93 6e 2e 6e c2 38 d7 bc f5 56 db 42 56 99 ca b4 9b 74 34 d3 0d Data Ascii: 7_)]@+6v=bovqV.L_}$$tkGywxb0QK>\JO?^sWK\9?CQ/eI<J80<p"MZnFA.-AHKld(!c1L!n.n8VBVt4
2024-07-11 17:40:00 UTC	8000	IN	Data Raw: 16 ac ea a9 ae d7 08 80 98 14 10 e6 c9 8e 7a 5c c0 f4 b4 98 51 ce e5 29 df ca 75 23 8d 92 1c 1f c2 6a 9e 64 dc 66 22 a1 f5 d0 a0 62 53 1b 54 63 4d dc 55 4a 9b 20 c5 88 61 59 3c dc 47 0c c3 fc ef c4 5d 49 94 01 f1 c0 78 02 36 3a b2 af ed e4 f4 18 8c 8f f4 89 67 91 c7 97 9f bb 06 73 2b 9b f0 a3 6f 3b 25 e8 25 c8 ca bd 78 63 19 96 b7 9b 82 9e fc 1d f7 9d 86 b7 df 9f 4e 09 1a a8 bd 0c 7f fc ad 4b 62 02 4f 82 e7 f1 f3 58 5e db 86 a9 c1 2a fc ea cf 3f 22 68 22 e8 b1 b0 bc 01 ff cb 1f 3c 2e 48 59 6b dd e5 e4 3e de 59 58 83 f7 9c d9 0b bf f8 a1 37 88 fd f1 f4 cb b7 e0 df ff e5 59 e8 27 b6 64 22 b8 dd ae c3 3f 7e ef fd 70 e2 c0 98 68 3a 8d bb e1 c5 4e 6c 45 16 3b 1e de 41 0d ae bf fd f9 b3 70 93 2b 9b 8f bf ef 01 c1 a8 45 43 32 69 96 01 bd 27 be 4b 64 31 e9 b3 4f Data Ascii: z\Q)u#jdf"bSTcMUJ aY<G]Ix6:gs+o;%%xcNKbOX^*?"h"<.HYk>YX7Y'd"?~ph:NlE;Ap+EC2i'Kd1O
2024-07-11 17:40:00 UTC	8000	IN	Data Raw: af b0 d9 e1 00 3a 8a ca 35 bd ed 2b 72 b6 da 79 00 4c 0e c3 84 e6 3b 47 78 76 03 fb 67 37 00 87 0e eb c3 32 f2 6b cc 70 61 59 b1 10 42 ab d9 cc e2 a2 8c 3a ba 99 f2 b3 e9 72 ee 64 6d ac f9 70 6a 67 b0 6d 48 a2 21 0b 34 b2 6a 70 ea 90 20 80 25 44 52 f4 ad 72 d7 72 ee ca 8b 82 ec a5 7f f2 50 54 73 69 06 f7 9a d9 0f 1d f0 bf 8a d4 f9 3a aa 7d 83 3f d0 8f 3e 26 f5 91 a8 59 58 40 b6 b3 44 b9 43 e3 31 60 99 5d e2 ae fe 60 34 63 5a 66 43 c8 2e c1 72 e9 5b 66 22 79 06 a2 82 4a 89 5e c2 f2 a7 56 45 48 4a b8 64 a3 22 b3 d1 52 25 86 4c 0b 46 76 81 52 e6 bc 9e 2a f3 f8 77 17 e8 61 ec 09 f4 7b 10 3b 05 78 c0 a8 ea 4f a6 e2 18 ee fb 0e b5 ad 73 a6 41 6a 5a 18 34 3c d9 9e 34 09 c8 85 6c 63 71 96 5b b2 6d d1 60 40 1d de d4 88 ba 70 f9 05 f1 7a 4c 78 8a a6 55 83 74 7e 16 Data Ascii: :5+ryL;Gxvg72kpaYB:rdmpjgmH!4jp %DRrrPTsi:}?>&YX@DC1`]`4cZfC.r[f"yJ^VEHJd"R%LFvR*wa{;xOsAjZ4<4lcq[m`@pzLxUt~
2024-07-11 17:40:00 UTC	8000	IN	Data Raw: 5c 23 e3 9c 8c 1f 18 29 e7 71 62 ba 8a bb 8e 4f e2 d4 02 ed f2 13 23 28 17 3d 15 e1 56 bb 8b dd 76 5b 0c ab 4f 5a ed cb 45 38 7e 5e 96 e5 fe 42 f2 66 1c 7e 6e ee ef 62 93 0c 6c 9d 0c 8d 8d b3 40 c6 3a 51 ad 60 61 72 9c 72 bf 32 8a 85 bc 84 97 c2 3a 69 77 bc b3 76 f2 68 8d fc 0d 14 1a bf 05 a7 7d ed 1d b1 b7 fe 57 cf 25 2f db d0 b8 6b e1 4d fc 83 0f ff 13 fc b3 2f fc 34 ae 6c 5e c4 58 71 5b c0 0e af 75 a9 87 56 a6 82 a5 e2 31 23 9f 1d 16 a1 a4 cf 41 9e ed 66 f1 84 cf b5 57 c6 ec 5e 1d 86 84 29 11 48 7c 9d 1f a6 21 a9 0e b5 19 fd 16 ec 2c 5c c3 4a 29 7b 78 6a 78 bf ac 4f 86 76 6c de 23 44 b2 1d 31 b2 dd 3b 57 51 9e 5c c0 e8 b1 bb b0 bb 74 05 1b 97 9f 45 75 e1 9c 15 12 55 f1 e3 68 73 4c af 32 6a 5f 1a 16 3b 1f 30 0e 76 b0 d7 d3 aa 2f 5d 90 e2 e2 63 d9 74 22 Data Ascii: \#)qbO#(=Vv[OZE8~^Bf~nbl@:Q`arr2:iwvh}W%/kM/4l^Xq[uV1#AfW^)H\|!,\J){xjxOvl#D1;WQ\tEuUhsL2j_;0v/]ct"
2024-07-11 17:40:00 UTC	8000	IN	Data Raw: b8 48 b9 dc 28 79 b3 0e 6e 1d ec e0 a5 37 96 30 33 71 01 a3 b4 b0 d8 e8 e6 67 aa b8 71 7b 13 2f 93 d1 71 3e c7 9e ac db 6f e3 a1 eb c8 9d 00 dc 88 7a 7d e9 8e a0 94 25 0a e5 e6 a6 a7 31 ce bd 71 e4 71 98 e8 cc b7 4d f2 2f 43 96 42 a7 84 bc 1e 17 33 27 cf 60 f1 21 f6 92 1b db 3b d2 23 c7 c5 f1 b9 99 51 1c 5f 98 f3 ea a8 3d ee 68 e8 08 cb 85 5b 7d 78 33 f0 e8 61 1e 17 b3 5f ab eb f8 dc 47 a5 df ea e4 47 2d 40 ce d8 54 05 3f f8 b1 47 70 fe dc 02 3e f7 f5 57 a5 6b 9e cb 1a 9e b7 33 9f ee a6 c2 0f 0a c3 f7 53 da d6 4c 48 13 0e 5b bc 92 c3 5f fa ef 19 ca af 9b be 50 a9 98 71 29 1d 2b c2 a7 7b fe 6c 12 4c d0 89 a8 cc 3b 59 47 6a 6e cc 2a e9 b9 5d b9 28 fc c6 cd dd 55 0b c2 97 20 2b 1a c2 b2 46 cb 43 1c de 8f 26 70 89 ab ab 63 9e 3c 10 46 35 66 22 86 8c 96 d8 c5 Data Ascii: H(yn703qgq{/q>oz}%1qqM/CB3'`!;#Q_=h[}x3a_GG-@T?Gp>Wk3SLH[_Pq)+{lL;YGjn*](U +FC&pc<F5f"
2024-07-11 17:40:00 UTC	8000	IN	Data Raw: 87 3a 51 6f 1b 8a a8 6a fb 08 2a 59 c3 4b 48 aa f3 0e 9f 23 a3 61 d9 c0 f1 29 ec 6c ac e2 37 7f eb 8f 30 3a 3a 82 fb ee 3d 1f 48 55 f0 b5 60 a4 6f 95 8c ee 0b 4f be 81 0f be fb bc 80 0d 07 0d 5a 18 64 04 8e e3 75 05 30 c8 51 2e 65 b1 46 86 f7 e4 0b d7 71 e6 c4 14 ce 9f 9e 95 c2 33 5f 4c 1e 15 bd 5f 3f a0 90 b1 86 75 ca 0f 39 74 6c 34 bd 0d 92 bd d8 dc f4 a8 84 7d e2 c9 7c da 15 87 7c 39 91 e6 f3 68 5b 92 63 b9 5e 21 97 ff 8d a5 47 d6 e9 38 0c e0 30 10 c2 35 45 16 b9 9d f5 c3 4f fe 66 c4 92 43 4f 0e 13 4d 75 70 6e 46 e5 0e 84 95 95 0d 7c ed ab cf e0 a9 a7 9e c7 d2 d2 3a f2 e4 e9 aa e3 93 b2 be b4 53 80 9b c9 d3 05 c8 06 13 9b cc 66 d2 a0 ae 1b 23 2d f7 b1 00 d7 f2 98 99 59 79 23 c2 94 7f 9d 8d 88 45 c5 2d da c4 09 e2 3c cb 04 26 03 9b 8c be 36 98 f0 59 15 Data Ascii: :Qoj*YKH#a)l70::=HU`oOZdu0Q.eFq3_L_?u9tl4}\|\|9h[c^!G805EOfCOMupnF\|:Sf#-Yy#E-<&6Y
2024-07-11 17:40:00 UTC	8000	IN	Data Raw: 78 35 98 60 3a e9 6e fc 09 b7 b9 62 9b f7 b7 20 42 b5 fd e3 92 f9 1c 72 5b c8 70 e3 a8 4e a3 4c 69 c1 8a 0c 6b c3 75 1f 62 f1 f7 25 53 b1 ae f0 c9 cf 3d eb d4 8a 01 a3 81 0a 5f 16 c1 40 20 b7 37 5b 9b e9 b2 14 f9 b8 9e e1 da a9 03 62 bf 5e bb d5 8f b5 fa 57 7c 50 bb 97 97 3c 3f 9c 40 2e 6e 14 9f ae 24 8c 42 6b 2b e9 3c 76 6f f0 12 03 b1 82 61 4a d2 91 71 14 07 f9 55 28 e4 73 66 73 ba a8 4d 91 43 af 35 92 80 4d ed 56 de e3 ae c6 16 47 82 7f e9 36 5e f1 b3 d0 cd b8 9c 45 68 6b e6 bf 02 fa 1a df f5 df 82 cf c4 44 26 49 8c a7 25 6c 5b 3e 35 e1 4e ac 1f 19 c1 24 47 02 8a b8 69 9c 52 bd ab fb 1f 5b 86 51 f2 9d 06 cf 91 36 1a 64 be 46 3e 5b d1 98 31 13 b8 2c 0e e7 d4 bf e4 c0 2c a9 90 40 13 56 76 0d f3 c1 5d 36 29 87 58 f8 08 06 ba 9b da 84 54 3c f7 83 b0 05 bb Data Ascii: x5`:nb Br[pNLikub%S=_@ 7[b^W\|P<?@.n$Bk+<voaJqU(sfsMC5MVG6^EhkD&I%l[>5N$GiR[Q6dF>[1,,@Vv]6)XT<
2024-07-11 17:40:00 UTC	2249	IN	Data Raw: de 27 21 e1 8e 9c e4 77 6f f3 e1 aa cd af 7a ef 0a ef d3 a9 b0 dd e4 bd 5b cb 64 85 70 63 50 d7 a4 3c cf 07 7e 82 5f ff 39 ef ff 81 f7 81 10 d8 80 64 67 9f 17 16 85 c9 57 ef 92 d6 a0 c3 ac 2b 26 cd e5 ef 6e f1 84 7d e0 f8 3e 78 f2 8c 02 22 06 d9 14 ec c2 0a 6b 82 6f f3 e4 56 e6 97 9a 94 ef 5c 9f 87 33 2c 58 0a 94 38 73 64 0f 7c ed d5 6b ac 69 8e 69 13 74 9e b5 d8 6a 1a e8 fd 93 17 2f c1 33 0f 9d 60 df aa 05 37 58 08 f7 f0 f1 37 e6 12 f4 af c9 52 31 bb b4 a6 85 f8 ea 14 c2 e3 a7 0f c1 0a 7f 4f 4d e6 56 43 99 8d 0a 45 9c 66 5f 6d 8f 4e 85 ba fb c0 18 1c 67 3f ec fb 6f de d0 02 f5 a5 1f 5c 80 17 ce df 82 f7 6e cd c3 6e 16 e0 a9 85 15 fd 40 d7 b7 fa 1a e2 7f 9e fd 32 f5 1b 13 53 4b fa fd 27 d9 77 5a 64 4d f5 22 9b 82 4a 90 3a ad 66 92 86 a4 c2 09 e9 33 1a d2 Data Ascii: '!woz[dpcP<~_9dgW+&n}>x"koV\3,X8sd\|kiitj/3`7X7R1OMVCEf_mNg?o\nn@2SK'wZdM"J:f3

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.4	49786	46.21.150.242	443	2252	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-11 17:39:59 UTC	616	OUT	GET /images/facebook.jpg HTTP/1.1 Host: www.burnaware.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.burnaware.com/after-install.html Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-11 17:40:00 UTC	647	IN	HTTP/1.1 200 OK Date: Thu, 11 Jul 2024 17:39:59 GMT Server: Apache/2 Strict-Transport-Security: max-age=31536000; includeSubDomains; Content-Security-Policy: upgrade-insecure-requests; Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Wed, 24 Jun 2020 14:25:40 GMT ETag: "435-5a8d540126100" Accept-Ranges: bytes Content-Length: 1077 Cache-Control: max-age=31536000 Expires: Fri, 11 Jul 2025 17:39:59 GMT X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN Permissions-Policy: geolocation=(),fullscreen=(self) Referrer-Policy: no-referrer-when-downgrade X-XSS-Protection: 1; mode=block Content-Type: image/jpeg
2024-07-11 17:40:00 UTC	1077	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff e1 00 22 45 78 69 66 00 00 4d 4d 00 2a 00 00 00 08 00 01 01 12 00 03 00 00 00 01 00 01 00 00 00 00 00 00 ff ec 00 11 44 75 63 6b 79 00 01 00 04 00 00 00 64 00 00 ff db 00 43 00 02 01 01 01 01 01 02 01 01 01 02 02 02 02 02 04 03 02 02 02 02 05 04 04 03 04 06 05 06 06 06 05 06 06 06 07 09 08 06 07 09 07 06 06 08 0b 08 09 0a 0a 0a 0a 0a 06 08 0b 0c 0b 0a 0c 09 0a 0a 0a ff db 00 43 01 02 02 02 02 02 02 05 03 03 05 0a 07 06 07 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a ff c0 00 11 08 00 14 00 14 03 01 22 00 02 11 01 03 11 01 ff c4 00 1f 00 00 01 05 01 01 01 01 01 01 00 00 00 00 00 00 00 00 01 Data Ascii: JFIF``"ExifMM*DuckydCC"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.4	49787	46.21.150.242	443	2252	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-11 17:39:59 UTC	368	OUT	GET /images/winxvideo_ai_box.png HTTP/1.1 Host: www.burnaware.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-11 17:40:00 UTC	649	IN	HTTP/1.1 200 OK Date: Thu, 11 Jul 2024 17:39:59 GMT Server: Apache/2 Strict-Transport-Security: max-age=31536000; includeSubDomains; Content-Security-Policy: upgrade-insecure-requests; Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Mon, 01 Apr 2024 12:57:30 GMT ETag: "16504-61508883ec280" Accept-Ranges: bytes Content-Length: 91396 Cache-Control: max-age=31536000 Expires: Fri, 11 Jul 2025 17:39:59 GMT X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN Permissions-Policy: geolocation=(),fullscreen=(self) Referrer-Policy: no-referrer-when-downgrade X-XSS-Protection: 1; mode=block Content-Type: image/png
2024-07-11 17:40:00 UTC	7543	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 d6 00 00 01 2c 08 06 00 00 00 bf 9d 4d e5 00 00 00 19 74 45 58 74 53 6f 66 74 77 61 72 65 00 41 64 6f 62 65 20 49 6d 61 67 65 52 65 61 64 79 71 c9 65 3c 00 00 03 22 69 54 58 74 58 4d 4c 3a 63 6f 6d 2e 61 64 6f 62 65 2e 78 6d 70 00 00 00 00 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 35 2e 33 2d 63 30 31 31 20 36 36 2e 31 34 35 36 36 31 2c 20 32 30 31 32 2f 30 32 2f 30 36 2d 31 34 3a 35 36 3a 32 37 20 20 Data Ascii: PNGIHDR,MtEXtSoftwareAdobe ImageReadyqe<"iTXtXML:com.adobe.xmp<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27
2024-07-11 17:40:00 UTC	8000	IN	Data Raw: 2c 71 3e 0b d6 8a 78 64 a2 a4 a9 e9 fa 93 a5 17 0d 29 e5 d8 08 e8 fe 3a 98 72 3f 01 8b fd 32 3b 85 33 76 ce c2 a2 35 16 c5 b1 dc 42 9a a1 c6 d2 ec 80 50 fb 04 66 4d d0 89 24 c6 fb b1 b6 8a c5 78 3f 7a 2f 94 e9 43 df d1 ea 2c 98 ea 43 51 f0 40 63 8d 64 89 96 22 4d 67 13 f7 e1 8b 37 65 06 4b 6b dd 8f 7e 4e 51 77 4f 75 4e 21 d0 85 56 95 b1 16 c8 1c 4e fa 44 2c 18 83 0d 1b 37 71 cc 6c 22 6a b6 9e be 7e 10 54 ed ac 67 3b 88 d6 67 01 7a b7 80 ac 68 06 39 eb 34 90 4d 53 03 4d 95 cf b2 99 eb 3b 75 33 42 7f 89 34 15 f9 7a 7a 6c 5c 3f 3e d0 08 42 33 cc 44 b1 7f 24 5c aa c6 7e 99 27 6e 3e 98 f5 33 19 71 09 ac 8b 11 6f 42 73 14 d5 65 b4 c5 46 88 fd c4 25 f6 1f 39 10 b0 9f 04 c4 a2 85 44 8c ad b1 e5 7e 72 2d f7 a3 86 43 32 99 80 ce 8e ae c7 e7 cf 9f 77 c2 b8 f9 58 1a Data Ascii: ,q>xd):r?2;3v5BPfM$x?z/C,CQ@cd"Mg7eKk~NQwOuN!VND,7ql"j~Tg;gzh94MSM;u3B4zzl\?>B3D$\~'n>3qoBseF%9D~r-C2wX
2024-07-11 17:40:00 UTC	8000	IN	Data Raw: cb 55 53 74 ab 85 27 2e 10 53 a6 4c 41 73 b3 02 5e b0 40 1a 6a ee 70 ec b1 2b 61 42 73 73 10 63 c1 73 35 e1 22 44 61 01 6e 8a 8e 93 3e 8d 9a 8b f2 d0 3e 72 cd b5 70 e4 91 47 32 e0 42 e8 e8 cc 59 b3 a1 12 c7 9f 28 65 84 c4 fa aa 58 29 fd 4b b1 be 34 9a b6 ed ed 6d 78 df 19 8e 13 12 ed 6c 18 b5 72 de 12 22 9a 37 04 5e 68 53 13 2c 36 3b 48 97 8a a4 91 05 61 17 0b 15 5e 98 bf a7 81 0f 15 c8 15 42 14 53 a8 22 25 35 0a 16 4b 3d 10 36 5c 8c f2 19 68 6c 7f 0c 72 a9 7a 18 9e 79 0a 14 b6 dc 44 4c 6b dc 29 01 89 f6 55 00 b9 ac b5 98 4a 46 85 0b 89 6a f0 cb 6b d8 fc 8e 0f ed c2 7d 86 59 88 3c ad b1 fc 20 7e 0b a1 c6 92 22 ac 43 e7 56 42 e5 9a 69 28 14 b4 e2 13 60 b0 ea d5 55 f0 f3 fb 7e 09 7f fe d3 5f 60 eb 96 6d 7c e1 44 e1 38 ec b0 43 e1 bc f3 cf 85 13 4e 38 8e 05 Data Ascii: USt'.SLAs^@jp+aBsscs5"Dan>>rpG2BY(eX)K4mxlr"7^hS,6;Ha^BS"%5K=6\hlrzyDLk)UJFjk}Y< ~"CVBi(`U~_`m\|D8CN8
2024-07-11 17:40:00 UTC	8000	IN	Data Raw: ac 04 8b eb 29 e0 fb f6 8e 0e ae b4 44 e6 a0 30 78 83 6a 9b a3 f2 72 b4 40 06 a0 a3 6a be cd 1a c1 33 7e 06 44 ea ec 0b 43 43 52 c2 a3 bb c7 2b ed e3 09 cf d4 55 b4 05 45 e8 18 9c 08 cd 36 47 bc 8b 7b 82 3a 4c 04 5d 4f 1d 8a 5a de 88 d2 54 2a 9d 1d e0 cb 71 91 39 61 3b d4 be 95 13 a7 fa 4a 3b cc 9b 7d 1d 67 1c d6 84 63 fa 8b b0 38 a6 d3 e4 40 ef a7 5a db 6a 35 6e 77 c7 14 11 81 0d 90 48 8f 03 cd 54 7b 85 f9 a8 28 88 93 9a 27 b0 c9 48 41 65 4f 78 4e 31 d4 d1 b2 66 66 ac 83 1f 74 b9 8c 65 3b 21 96 a3 cc e0 b8 6a d2 1e b6 21 0a bb 85 16 d8 f4 a3 34 13 be be dc 00 9a 72 23 e8 c3 56 9b 12 02 b1 d1 5e 7c ce 81 d6 f4 f3 41 8d 44 9a e7 43 03 83 4f bc ed f4 53 8e 8f 6b e4 c6 21 94 aa 62 27 c5 a5 cf 54 c5 53 2f b0 d7 49 88 08 c4 20 a1 ea e8 e8 62 98 9d 3e df 8b da Data Ascii: )D0xjr@j3~DCCR+UE6G{:L]OZT*q9a;J;}gc8@Zj5nwHT{('HAeOxN1ffte;!j!4r#V^\|ADCOSk!b'TS/I b>
2024-07-11 17:40:00 UTC	8000	IN	Data Raw: c8 e6 ab fb 16 34 63 a8 20 f0 c3 df be 85 15 5f 7d 06 ff fd 58 17 5a a6 e5 50 97 4d 45 3a 80 e5 7a f6 71 aa c5 59 80 3e d2 35 2e 1f 0c 1c 8d 16 65 ba 66 d4 fa 8c d9 ed ed 3a ab c9 db 14 58 d8 da 8f fc 80 69 56 57 0c 99 b4 18 e2 1a 32 16 9d 95 cc 62 49 78 82 1c 81 6d 72 31 0d 20 cb 91 0b 22 98 19 18 bd 83 03 be 43 48 bf 82 f4 ea 59 8b 1d 2c 1a a0 01 d5 55 f4 47 8a 16 99 22 78 51 ed cc d6 8a 61 e2 b8 f8 12 03 25 44 47 77 d1 92 7e 20 0d 8b af bc e2 2a dc f2 8b ff d6 81 b5 62 c5 07 70 e4 51 87 e3 de 7b ff 8a 97 5f 7c 05 ab df 5c 83 7f fe e3 39 7c fe fc 7f d1 08 0c bd 5a 73 8e 55 b2 c6 92 be 52 11 4a 99 55 ec cd 0b 06 2b 02 a3 c5 33 a6 ab 88 b3 a5 08 65 61 eb 35 c7 79 92 51 ba 19 43 28 ca c1 ed ac 2f b7 27 bc 28 12 7d 28 0a bd 49 75 11 51 7d 30 6f 6e 27 3a 66 Data Ascii: 4c _}XZPME:zqY>5.ef:XiVW2bIxmr1 "CHY,UG"xQa%DGw~ *bpQ{_\|\9\|ZsURJU+3ea5yQC(/'(}(IuQ}0on':f
2024-07-11 17:40:00 UTC	8000	IN	Data Raw: cf c4 b1 95 65 06 d2 05 6b 57 4a 99 14 1f cc 26 d9 cc 7c 7c 12 b3 2a 6d cc 06 8c da 22 62 3d fe 72 b4 a6 f8 39 99 eb 95 d3 49 49 64 b1 e5 2a f2 12 31 19 fa 4c 2d f6 7f fe e3 79 5c 76 d9 d7 b0 76 ed 3a 8d aa a8 55 07 b3 a3 a3 43 af 7c b4 73 91 6d cf e6 cd 9b b5 6f d6 35 d7 5e 8d 55 ab f6 d5 3c ad a9 2e cc 4a ab 7d a4 ad 1e 59 b1 30 64 ae ad b9 9c 82 4e 10 29 1f 49 eb 1b 28 22 c2 a3 c3 21 ba 85 8f d0 f6 33 d5 4a 4f 12 57 a4 22 e5 4f 7e a5 07 e7 8c 3d 50 e3 f4 21 46 25 38 21 51 8e 29 9b 22 b8 ec fb a7 46 06 dd 3e f5 b9 8f e1 d8 e3 8f c6 4d 27 3e 89 d7 9f 9d c4 4c 4c 43 21 a5 76 2b 39 8e c9 54 1e f9 74 01 93 32 8f 09 55 a8 4f a8 5d 20 2f 8b 28 a8 17 d3 a2 2e ea 43 1a f6 c4 83 6f ff 16 7b af 3a 19 2f fc f3 2e ad 2e 4b 88 09 87 9f f4 9b 0e f6 52 16 b1 be 21 19 Data Ascii: ekWJ&\|\|m"b=r9IId1L-y\vv:UC\|smo5^U<.J}Y0dN)I("!3JOW"O~=P!F%8!Q)"F>M'>LLC!v+9Tt2UO] /(.Co{:/..KR!
2024-07-11 17:40:00 UTC	8000	IN	Data Raw: 38 fa f8 d3 71 e7 df c7 71 d6 39 5f d2 02 33 0d f5 0d be af 99 10 65 7b 67 c9 f5 92 6a ea 8c da 11 bf f3 bd ef ef 60 d7 1a 36 6d f4 49 db 8c a0 5d 32 4f 75 d4 84 31 52 ce 93 91 b2 7a 4c 7e c4 04 96 4a d9 55 0e 0d bc b7 15 33 3f 38 1b 17 9e be 02 c3 03 a3 da f8 dd 6b 60 d8 dd 23 9d 16 91 86 7b 1c 08 a1 d5 57 71 b5 8f 88 e8 44 f0 1e 87 08 67 5a 46 0e d9 47 ad bb 86 89 94 65 4d 33 38 2b de 36 2f 04 18 97 50 db 82 76 76 76 e2 98 63 8e d0 29 de 37 af fa 0e fe fe d7 fb 35 a2 42 b7 37 d5 85 db df d7 8f bf fd ed 7e 5c 79 c5 55 78 e9 c5 97 31 7f fe 3c 4d 8e 1c d7 35 58 58 9a fa 31 8a 74 44 0f 89 68 f6 b1 fb 62 e4 b4 11 41 de 85 fd 5e f8 1d 9d 84 72 8c 64 90 15 cf d4 2d 81 20 98 ec 53 3b 57 db 10 8e f9 e6 ae d8 1b fb 62 04 a3 1a da 53 63 2a 2a 13 ec 3a d0 d4 7f 32 Data Ascii: 8qq9_3e{gj`6mI]2Ou1RzL~JU3?8k`#{WqDgZFGeM38+6/Pvvvc)75B7~\yUx1<M5XX1tDhbA^rd- S;WbSc**:2
2024-07-11 17:40:00 UTC	8000	IN	Data Raw: 1b 5e f8 82 17 c2 ab bf eb 35 f0 e0 83 2f c5 6b bd cc da 64 b4 48 7b e5 51 a2 6c 02 f9 ae 60 ef 00 a7 5b fe d4 d3 87 df 7d f7 dd 70 fe c2 39 f8 a5 5f fc 05 f8 c4 27 fe 27 3c f1 f8 a3 01 45 23 ff a3 c2 01 6d 02 df f4 c2 6f 86 d7 7e d7 b7 c1 f3 9e 7d 1a 6e 2d b5 61 79 a3 81 11 82 0a 11 c6 e0 40 1f 53 50 9f 3d 77 11 8e 1c 3e c8 e4 3e 4c e6 da d1 f1 34 32 15 36 03 6a 9b 58 e3 49 2b 2d b2 d8 44 ac bb 54 b4 58 c1 8d aa 2f 28 ca e4 22 33 31 87 67 4c 7a 7d 0c c8 2a 64 77 e5 2f 89 ff 92 51 00 cb 22 ac 64 0c 1d f2 34 c9 45 18 59 78 f9 98 3f fa b1 3f 9e 9f 9b 9b 9d ad 3b dc 15 f1 5d 50 05 eb 1d 6f 7f 37 73 59 fc c8 8f fc 00 7c f3 83 2f e2 9d 88 ca ee 71 fc 1e 6e c3 d3 1e 17 aa 7f 1d 01 64 87 46 86 61 df fe fd f0 c4 63 e7 59 9e 93 67 6b 98 fa ac 64 77 3f ae f0 39 c5 Data Ascii: ^5/kdH{Ql`[}p9_''<E#mo~}n-ay@SP=w>>L426jXI+-DTX/("31gLz}*dw/Q"d4EYx??;]Po7sY\|/qndFacYgkdw?9
2024-07-11 17:40:00 UTC	8000	IN	Data Raw: 4e 89 52 bf ca dc 67 bb 41 47 86 36 95 b3 90 17 95 78 28 10 9c 71 95 52 b2 19 e5 61 4d 99 80 6b a9 e0 b1 62 3f c2 f5 ce 7c 8e 26 d8 77 c9 70 3b 6d 05 bb db 4b b8 a9 ac e1 8d ce 60 6e 6e 8e 1b cb 94 6b 12 06 d1 93 a2 50 21 ed d0 7d 25 f8 f2 ff d8 81 ff f0 aa 0c 86 1a 83 70 6a e8 06 1a d7 23 b0 d4 bc 8a 81 5e 1b 2c 2e a0 c3 39 57 83 e5 11 70 b3 82 0d 2e cb 0f a8 3e 38 3c 70 14 0e d5 ee 46 43 1b 81 fb 5e 3b 06 df f1 fb f7 43 63 a5 03 3b ab 8d c4 5b 19 b3 97 d7 2a 2c 65 74 8f 45 e2 53 f7 9f 1e 83 ff f2 57 67 e1 ad 3f f8 09 5c d5 93 30 fc b4 53 98 22 a1 47 a5 75 d0 a6 92 3a fe 5b c2 f0 b7 8c f7 ae 82 8f 2a 3d f0 f7 41 34 86 e1 3e 18 1d 1c 85 f5 4d dc a5 17 5a f0 43 af 38 0e bf f2 ea 7b e1 ea 4a 03 76 d1 7b 64 99 2a 24 bb 89 1c 1a b8 d8 2b 25 3b 70 ea 20 4d 1d Data Ascii: NRgAG6x(qRaMkb?\|&wp;mK`nnkP!}%pj#^,.9Wp.>8<pFC^;Cc;[,etESWg?\0S"Gu:[=A4>MZC8{Jv{d*$+%;p M
2024-07-11 17:40:00 UTC	8000	IN	Data Raw: 2d 23 30 28 90 56 04 e5 e7 86 e2 63 08 05 4d 2e 2c 49 1b 79 f9 c0 2c 3f aa 9d 9f 28 de 7b 66 2b a7 38 e2 c2 29 e9 4b 02 f3 8d 8e 40 35 ea 6c b7 8d af e0 99 14 c0 29 a6 93 e9 aa 64 c1 ab 05 38 27 c8 52 99 12 e9 99 f2 bb b2 91 e3 e9 fe c6 eb c4 e8 8c 20 7d 51 45 d9 87 81 14 d2 95 e4 28 29 64 20 bf 81 29 31 11 ac 19 b3 d7 66 68 0c 4b 79 0a 5a 6e e5 29 52 42 2e e5 71 96 3a a8 63 1a 57 fc 49 9b 17 e9 ef 9e ad ca 72 4a 38 f8 6b e6 a6 b5 d9 d0 2c 1d 02 cb c8 66 59 20 b7 94 a8 09 70 32 37 26 87 60 d0 26 cd 5d 8d 32 81 a5 d6 86 86 59 d8 26 8d 6c d6 e7 45 1d 4c ae 04 6e 4c c2 36 64 44 31 24 a9 58 43 6c 49 fa f7 99 5c b8 98 e4 b1 3e 1a 14 eb c9 f8 02 9c 11 a8 f8 74 5f 4c cc 53 87 cd 26 82 26 ca a6 08 24 59 48 0c 23 a7 82 7b b2 8b e4 a6 88 23 38 94 3c 8d 25 14 e9 c4 Data Ascii: -#0(VcM.,Iy,?({f+8)K@5l)d8'R }QE()d )1fhKyZn)RB.q:cWIrJ8k,fY p27&`&]2Y&lELnL6dD1$XClI\>t_LS&&$YH#{#8<%

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.4	49792	46.21.150.242	443	2252	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-11 17:40:00 UTC	615	OUT	GET /images/twitter.jpg HTTP/1.1 Host: www.burnaware.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.burnaware.com/after-install.html Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-11 17:40:00 UTC	647	IN	HTTP/1.1 200 OK Date: Thu, 11 Jul 2024 17:40:00 GMT Server: Apache/2 Strict-Transport-Security: max-age=31536000; includeSubDomains; Content-Security-Policy: upgrade-insecure-requests; Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Wed, 24 Jun 2020 14:25:56 GMT ETag: "3ee-5a8d541068500" Accept-Ranges: bytes Content-Length: 1006 Cache-Control: max-age=31536000 Expires: Fri, 11 Jul 2025 17:40:00 GMT X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN Permissions-Policy: geolocation=(),fullscreen=(self) Referrer-Policy: no-referrer-when-downgrade X-XSS-Protection: 1; mode=block Content-Type: image/jpeg
2024-07-11 17:40:00 UTC	1006	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff e1 00 22 45 78 69 66 00 00 4d 4d 00 2a 00 00 00 08 00 01 01 12 00 03 00 00 00 01 00 01 00 00 00 00 00 00 ff ec 00 11 44 75 63 6b 79 00 01 00 04 00 00 00 64 00 00 ff db 00 43 00 02 01 01 01 01 01 02 01 01 01 02 02 02 02 02 04 03 02 02 02 02 05 04 04 03 04 06 05 06 06 06 05 06 06 06 07 09 08 06 07 09 07 06 06 08 0b 08 09 0a 0a 0a 0a 0a 06 08 0b 0c 0b 0a 0c 09 0a 0a 0a ff db 00 43 01 02 02 02 02 02 02 05 03 03 05 0a 07 06 07 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a ff c0 00 11 08 00 14 00 14 03 01 22 00 02 11 01 03 11 01 ff c4 00 1f 00 00 01 05 01 01 01 01 01 01 00 00 00 00 00 00 00 00 01 Data Ascii: JFIF``"ExifMM*DuckydCC"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.4	49794	46.21.150.242	443	2252	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-11 17:40:00 UTC	474	OUT	GET /images/free_burning_software.png HTTP/1.1 Host: www.burnaware.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: _ga=GA1.2.2144220585.1720719599; _gid=GA1.2.1695893049.1720719599; _gat_gtag_UA_4846638_1=1
2024-07-11 17:40:00 UTC	648	IN	HTTP/1.1 200 OK Date: Thu, 11 Jul 2024 17:40:00 GMT Server: Apache/2 Strict-Transport-Security: max-age=31536000; includeSubDomains; Content-Security-Policy: upgrade-insecure-requests; Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Tue, 26 Mar 2024 18:30:07 GMT ETag: "73ed-614947aba29c0" Accept-Ranges: bytes Content-Length: 29677 Cache-Control: max-age=31536000 Expires: Fri, 11 Jul 2025 17:40:00 GMT X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN Permissions-Policy: geolocation=(),fullscreen=(self) Referrer-Policy: no-referrer-when-downgrade X-XSS-Protection: 1; mode=block Content-Type: image/png
2024-07-11 17:40:00 UTC	7544	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 90 00 00 00 f2 08 06 00 00 00 63 f4 93 29 00 00 00 19 74 45 58 74 53 6f 66 74 77 61 72 65 00 41 64 6f 62 65 20 49 6d 61 67 65 52 65 61 64 79 71 c9 65 3c 00 00 03 22 69 54 58 74 58 4d 4c 3a 63 6f 6d 2e 61 64 6f 62 65 2e 78 6d 70 00 00 00 00 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 35 2e 33 2d 63 30 31 31 20 36 36 2e 31 34 35 36 36 31 2c 20 32 30 31 32 2f 30 32 2f 30 36 2d 31 34 3a 35 36 3a 32 37 20 20 Data Ascii: PNGIHDRc)tEXtSoftwareAdobe ImageReadyqe<"iTXtXML:com.adobe.xmp<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27
2024-07-11 17:40:00 UTC	8000	IN	Data Raw: 9a 9f 83 d7 e7 c7 f0 85 0f f1 e1 a9 11 3c fa f4 73 48 c4 a7 60 b4 da 61 67 c2 f5 9e 6b 38 ec fa 5c eb 36 b3 7b d9 db 1b f3 9d 43 c8 fe e7 b7 4f 25 52 15 1b 04 27 3e a3 c3 8d 27 1f 3f aa 6c e1 e9 af 9a 02 8d ca a7 14 09 76 8f 8e ae 76 54 b0 63 d8 7d 6c 18 74 b9 8b 8f 67 3b f6 ec dd a7 7c 8f 26 64 1c 63 f7 50 b2 c0 7a 1d f9 63 ba 3a 32 ff a3 f1 34 b6 ef de 5b 72 3f 9e 35 40 82 a5 77 00 ad bd fc 1a 12 bc 5e 97 f2 4c 8f 3d 71 4c 79 38 1e 41 36 b0 73 87 72 3c 1f 60 8f b3 df db b2 f3 7c f8 7a 2a 7d fd 03 e8 43 76 e0 9e 59 29 cd ad cd 4a bd 2c ba dd e8 d4 59 14 52 ed ea df 89 2e 7e 7c 8a 59 1b 5d dd f9 fb 77 77 b4 2b 83 ff 89 44 0a e4 c1 aa 4b aa d1 26 81 68 37 8c 97 34 13 65 a1 a6 44 82 09 22 2f 8e 1c 39 82 2b 57 ae 20 12 89 c0 66 b3 65 66 76 af 2e e2 9d 37 3f Data Ascii: <sH`agk8\6{CO%R'>'?lvvTc}ltg;\|&dcPzc:24[r?5@w^L=qLy8A6sr<`\|z*}CvY)J,YR.~\|Y]ww+DK&h74eD"/9+W fefv.7?
2024-07-11 17:40:00 UTC	8000	IN	Data Raw: 81 3c 67 55 02 37 47 26 f1 f4 b7 be 8d a9 93 ef e3 d2 d9 cb 58 1c 1f 86 e8 68 82 c8 48 e2 da 8f 7f 0c ab bb 19 df fe c6 0b 8c 6a 4c 18 dc fb 10 46 4e be 82 f9 86 4e a4 4c 46 9c 3b f9 09 dc 7e 3f 76 ed 37 de b5 a5 6e 09 f7 17 f5 36 13 7d dd 74 ee 2a 0a d1 a4 05 a2 49 b6 a5 6c bc 75 89 89 89 19 26 c8 03 98 4d eb 31 77 79 14 b7 47 66 d0 dd da 09 bd dd 88 a1 e1 9b 90 d8 4b 6f 52 2c 11 b9 a2 0e 06 d1 86 47 1e 19 c4 db af bd 8e 83 7b 76 60 ff a1 18 ec 66 3d ce 9f bd 82 5d 5f 38 04 af 3e 8a a0 e0 84 d1 60 82 df 67 c5 a9 cb 17 f1 f8 f3 5f 85 cf 6e c3 e5 91 5b 48 37 79 d9 3e 01 f1 64 9a c8 83 b0 f9 ac 10 2d 46 61 69 72 26 3a 8d 83 d4 27 24 19 6d 6d 4d 98 9d 9f c1 fc 4a 14 bb 8d cd 10 52 51 f8 07 5b b0 2b d5 80 a1 cb 43 90 25 09 cd cd 4d 55 35 b2 d6 9e dd 78 39 bb Data Ascii: <gU7G&XhHjLFNNLF;~?v7n6}t*Ilu&M1wyGfKoR,G{v`f=]_8>`g_n[H7y>d-Fair&:'$mmMJRQ[+C%MU5x9
2024-07-11 17:40:00 UTC	6133	IN	Data Raw: 8e 18 a2 b9 64 4d c0 c8 28 0e 1f 19 82 fa 3e 19 c2 3b 84 0f 86 92 8b bd 45 c0 8a 12 62 69 be 6f 99 96 c4 20 3d 37 b3 53 9f ab f4 5a 4b 2f ee 5b c1 13 72 40 56 6a 84 15 6d 17 9f 2b 3a ef da 2f c3 0e c3 04 20 d1 c0 ec 92 4c 10 36 9d 2c 0c 5d 8a cf 18 48 ab b5 34 e7 33 cb 7e 4e d3 b4 f7 4b 50 43 10 28 4a 3d a3 a7 49 07 75 6f 9a 13 90 02 78 e8 94 77 f1 df c4 f9 88 2d b5 ef 15 16 56 84 a9 a4 38 2e 4e 22 fe 59 ad 76 c9 76 4b dd 43 60 2c b1 d5 52 40 17 fb 7e 7a 7a 9a 58 61 9b 4d 75 30 97 f4 77 7f ff 8f 6f 3d 7f fe fc 5f 5e 7f fd b5 df 11 0e ba d0 08 63 74 27 83 49 d2 7c 0e 03 37 e5 c2 f9 4a f5 77 b4 94 a9 35 8e b5 60 44 53 36 11 0f 1c 75 a7 12 8d 34 09 78 d0 84 a7 9b f1 b0 e8 e9 75 6b eb 05 4f 8d c1 a5 c8 75 3a 9a c5 85 d5 59 14 94 03 e9 22 d4 4c 57 56 74 48 ea Data Ascii: dM(>;Ebio =7SZK/[r@Vjm+:/ L6,]H43~NKPC(J=Iuoxw-V8.N"YvvKC`,R@~zzXaMu0wo=_^ct'I\|7Jw5`DS6u4xukOu:Y"LWVtH

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.4	49796	46.21.150.242	443	2252	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-11 17:40:00 UTC	473	OUT	GET /images/dvd_burning_software.jpg HTTP/1.1 Host: www.burnaware.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: _ga=GA1.2.2144220585.1720719599; _gid=GA1.2.1695893049.1720719599; _gat_gtag_UA_4846638_1=1
2024-07-11 17:40:00 UTC	649	IN	HTTP/1.1 200 OK Date: Thu, 11 Jul 2024 17:40:00 GMT Server: Apache/2 Strict-Transport-Security: max-age=31536000; includeSubDomains; Content-Security-Policy: upgrade-insecure-requests; Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Wed, 25 Jan 2023 18:34:36 GMT ETag: "583e-5f31ae25d0700" Accept-Ranges: bytes Content-Length: 22590 Cache-Control: max-age=31536000 Expires: Fri, 11 Jul 2025 17:40:00 GMT X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN Permissions-Policy: geolocation=(),fullscreen=(self) Referrer-Policy: no-referrer-when-downgrade X-XSS-Protection: 1; mode=block Content-Type: image/jpeg
2024-07-11 17:40:00 UTC	7543	IN	Data Raw: ff d8 ff e1 00 18 45 78 69 66 00 00 49 49 2a 00 08 00 00 00 00 00 00 00 00 00 00 00 ff ec 00 11 44 75 63 6b 79 00 01 00 04 00 00 00 50 00 00 ff e1 03 2b 68 74 74 70 3a 2f 2f 6e 73 2e 61 64 6f 62 65 2e 63 6f 6d 2f 78 61 70 2f 31 2e 30 2f 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 35 2e 33 2d 63 30 31 31 20 36 36 2e 31 34 35 36 36 31 2c 20 32 30 31 32 2f 30 32 2f 30 36 2d 31 34 3a 35 36 3a 32 37 20 20 20 20 20 20 20 20 22 3e 20 3c 72 64 66 3a 52 44 46 20 78 6d Data Ascii: ExifII*DuckyP+http://ns.adobe.com/xap/1.0/<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xm
2024-07-11 17:40:00 UTC	8000	IN	Data Raw: 9b 35 11 89 95 c5 66 64 19 99 5c 18 99 5c 19 99 5c 56 66 57 11 89 95 54 99 51 9c 83 39 51 aa 53 66 d9 c6 ba 4d fd 91 fc 52 f5 27 91 eb a7 a1 b4 71 dd b6 29 1d 6b 5e 33 f9 39 5f d7 ea 0f 45 35 7a 7d 7c 6b af ba df 5d ff 00 54 fe 4c 5b d5 f3 4f 67 4b 6c b4 f3 9e 1e 04 e5 35 cf 2b 88 93 65 c5 67 b9 70 62 6d e6 60 cc dd 71 58 ef f3 5c 18 9b ae 0c cd fc d7 17 18 9b 98 33 37 5c 31 3b c5 c4 ef 0c 4e ff 00 30 c4 ef f3 17 0e ff 00 30 c4 ef 13 17 bf cc 5c 3b fc c3 1a ef f3 13 0e e0 c5 ef 0c 5e f3 13 1a 8b 26 0b de 61 8b 16 31 1a c8 2f 77 9a 06 7c c4 6a 2d 30 98 a4 cd 6d 18 b5 62 7c cc 35 89 d5 59 f9 6d 8f 29 e2 ba ae 76 a5 eb ce 33 1e 30 ba 24 5b c1 47 48 b4 5b 85 a3 de ce 2b 33 59 8e 31 c6 01 8c 8a eb af 6d a9 68 b5 67 13 1c a5 2f 32 cc a4 b8 fb 1a 3d 4d 77 47 6d Data Ascii: 5fd\\\VfWTQ9QSfMR'q)k^39_E5z}\|k]TL[OgKl5+egpbm`qX\37\1;N00\;^&a1/w\|j-0mb\|5Ym)v30$[GH[+3Y1mhg/2=MwGm
2024-07-11 17:40:00 UTC	7047	IN	Data Raw: 00 00 00 00 18 17 15 14 00 00 00 00 00 01 70 21 80 d5 01 00 00 00 51 55 00 01 11 55 51 13 54 34 0d 00 10 00 51 8b de b4 8e 3c fc 1a e7 9d 73 ef f4 9c ff 00 eb c5 b3 74 de 79 bb f3 c6 3c fd 75 6f 97 0c e5 b8 ca 4a 8c aa 88 3a 53 5c df 8e 7b 69 1c ef 3f c1 9b d6 0e 93 6a d2 3b 75 c6 33 ce dd 65 9c b7 c9 ae 53 2d c8 8c 65 a1 9c 83 33 22 b3 96 91 26 45 62 67 dd 0a 3b 6b f4 f7 d9 1d d6 fe 5e bf aa 79 cf b2 18 eb b9 07 aa bf 6f 4c 4c 6a ae 27 ae c9 e3 69 62 cb d7 93 58 99 ca c4 65 71 13 20 4c aa b3 90 49 9f 7e 79 40 ad fd bc 46 76 db b2 3e 9f dd 3f 92 7b 6f 85 58 bd ad fa 34 6b 9f 3c 73 f7 ca 64 fe a2 c6 88 8e 3b b6 71 fa 2b c6 7d f2 7b 7d 0d c5 eb 4f d3 aa 91 4f 67 19 9f 7a 59 be 53 57 ed ec 9e 37 98 a4 78 cf 3f 81 ed 3f 86 18 d5 5e 93 b2 7c f8 47 c1 3e 68 4e Data Ascii: p!QUUQT4Q<sty<uoJ:S\{i?j;u3eS-e3"&Ebg;k^yoLLj'ibXeq LI~y@Fv>?{oX4k<sd;q+}{}OOgzYSW7x??^\|G>hN

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.4	49798	46.21.150.242	443	2252	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-11 17:40:00 UTC	518	OUT	GET /images/disc_burner.png HTTP/1.1 Host: www.burnaware.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: _gid=GA1.2.1695893049.1720719599; _gat_gtag_UA_4846638_1=1; _ga_R0FFV0Q2KK=GS1.1.1720719598.1.0.1720719598.0.0.0; _ga=GA1.1.2144220585.1720719599
2024-07-11 17:40:00 UTC	646	IN	HTTP/1.1 200 OK Date: Thu, 11 Jul 2024 17:40:00 GMT Server: Apache/2 Strict-Transport-Security: max-age=31536000; includeSubDomains; Content-Security-Policy: upgrade-insecure-requests; Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Wed, 09 Jun 2021 12:21:20 GMT ETag: "7e2-5c4544fe11000" Accept-Ranges: bytes Content-Length: 2018 Cache-Control: max-age=31536000 Expires: Fri, 11 Jul 2025 17:40:00 GMT X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN Permissions-Policy: geolocation=(),fullscreen=(self) Referrer-Policy: no-referrer-when-downgrade X-XSS-Protection: 1; mode=block Content-Type: image/png
2024-07-11 17:40:00 UTC	2018	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 20 00 00 00 20 08 06 00 00 00 73 7a 7a f4 00 00 00 04 73 42 49 54 08 08 08 08 7c 08 64 88 00 00 07 99 49 44 41 54 58 85 ad 97 6b 4c 5b e7 19 c7 ff cf f1 39 d8 c6 17 8a 0d 0e 76 02 c4 86 30 65 6e 0d 69 48 80 26 cb 96 0e 39 25 d7 42 88 b6 e6 d2 ad 53 99 a6 7d 99 34 a9 db 87 49 9b d6 6f dd a4 49 f9 b2 2f 51 37 6d 5d 03 5d b3 84 04 8d 04 8f 90 a8 6b 03 54 c9 8a 93 60 28 6d ed 04 12 03 c6 07 63 b0 b1 8d c1 cf 3e 60 a7 e4 c2 b8 68 7f e9 48 e7 bc e7 3d e7 f7 7f 6f cf fb 3e 84 65 54 58 58 8c 5d bb 77 c3 60 30 2e 16 10 b4 04 ec 07 e8 65 00 0e 00 36 22 e4 00 00 33 c2 00 bc 00 6e 03 dc c5 40 3b 80 08 18 98 8d cd e2 d3 9e 1e 78 3c 77 9f c9 a1 27 0b 44 51 44 6d ad 13 b6 92 52 80 08 60 b6 11 e1 17 00 9d 20 22 cd Data Ascii: PNGIHDR szzsBIT\|dIDATXkL[9v0eniH&9%BS}4IoI/Q7m]]kT`(mc>`hH=o>eTXX]w`0.e6"3n@;x<w'DQDmR` "

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.4	49799	46.21.150.242	443	2252	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-11 17:40:00 UTC	520	OUT	GET /images/free_software.png HTTP/1.1 Host: www.burnaware.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: _gid=GA1.2.1695893049.1720719599; _gat_gtag_UA_4846638_1=1; _ga_R0FFV0Q2KK=GS1.1.1720719598.1.0.1720719598.0.0.0; _ga=GA1.1.2144220585.1720719599
2024-07-11 17:40:00 UTC	646	IN	HTTP/1.1 200 OK Date: Thu, 11 Jul 2024 17:40:00 GMT Server: Apache/2 Strict-Transport-Security: max-age=31536000; includeSubDomains; Content-Security-Policy: upgrade-insecure-requests; Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Wed, 09 Jun 2021 12:21:12 GMT ETag: "950-5c4544f66fe00" Accept-Ranges: bytes Content-Length: 2384 Cache-Control: max-age=31536000 Expires: Fri, 11 Jul 2025 17:40:00 GMT X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN Permissions-Policy: geolocation=(),fullscreen=(self) Referrer-Policy: no-referrer-when-downgrade X-XSS-Protection: 1; mode=block Content-Type: image/png
2024-07-11 17:40:00 UTC	2384	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 20 00 00 00 20 08 06 00 00 00 73 7a 7a f4 00 00 00 04 73 42 49 54 08 08 08 08 7c 08 64 88 00 00 09 07 49 44 41 54 58 85 a5 97 69 70 d5 e5 15 c6 7f cf ff fe ef 92 7b 13 72 03 09 21 21 ac 41 01 91 30 48 54 d0 8a 0b 9b 33 85 4e 67 6c dd b5 4d a5 74 1c 29 ae e0 87 76 a6 03 d3 69 a7 80 0b ad 38 52 db 6a eb 52 5b 64 b4 a2 56 0c ca e2 42 64 93 84 1d 0c 4b cc 0e d9 b7 9b 9b dc ff e9 87 9b a0 20 62 1d cf d7 f7 7d cf 73 de 73 de f3 bc cf 11 ff 87 a5 67 0e 67 d2 35 77 30 62 c2 74 fc fe 14 10 02 fb 21 68 09 d0 01 fc c1 cc 8a 05 98 a0 bc b4 98 fd 1f ad a5 a1 f6 e8 37 fa d6 85 16 07 0f 9f c8 b8 cb e7 91 3f 69 16 20 64 e6 07 dd 89 58 2c 69 dc 97 f7 9a d9 6e 60 39 b0 ce cc 12 18 d4 56 94 b1 fb bd bf 52 77 b2 ec db Data Ascii: PNGIHDR szzsBIT\|dIDATXip{r!!A0HT3NglMt)vi8RjR[dVBdK b}ssgg5w0bt!h7?i dX,in`9VRw

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.4	49800	46.21.150.242	443	2252	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-11 17:40:00 UTC	520	OUT	GET /images/best_software.png HTTP/1.1 Host: www.burnaware.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: _gid=GA1.2.1695893049.1720719599; _gat_gtag_UA_4846638_1=1; _ga_R0FFV0Q2KK=GS1.1.1720719598.1.0.1720719598.0.0.0; _ga=GA1.1.2144220585.1720719599
2024-07-11 17:40:01 UTC	645	IN	HTTP/1.1 200 OK Date: Thu, 11 Jul 2024 17:40:01 GMT Server: Apache/2 Strict-Transport-Security: max-age=31536000; includeSubDomains; Content-Security-Policy: upgrade-insecure-requests; Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Thu, 08 Sep 2022 17:41:00 GMT ETag: "3c3-5e82deebba300" Accept-Ranges: bytes Content-Length: 963 Cache-Control: max-age=31536000 Expires: Fri, 11 Jul 2025 17:40:01 GMT X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN Permissions-Policy: geolocation=(),fullscreen=(self) Referrer-Policy: no-referrer-when-downgrade X-XSS-Protection: 1; mode=block Content-Type: image/png
2024-07-11 17:40:01 UTC	963	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 20 00 00 00 20 08 06 00 00 00 73 7a 7a f4 00 00 00 04 73 42 49 54 08 08 08 08 7c 08 64 88 00 00 03 7a 49 44 41 54 58 85 ed 56 6d 4c 5b 55 18 7e de 7b 4b b1 d5 1f c2 68 4b 28 fe 60 83 52 03 da 82 21 04 06 65 34 db 62 64 6c 73 89 ca dc 4f d1 f1 e9 07 f2 9f 14 14 30 71 d9 f6 c7 8f c4 08 4c 7f e8 2f 5d 67 58 98 11 3a 43 34 b6 7c 64 6b 0b 41 61 a4 5b 83 09 42 4d a0 0a 6d b8 3d fe 90 bb 95 d2 8f 4b a9 99 31 3e c9 9b 7b f2 9e f7 9c e7 b9 cf b9 e7 9c 4b 90 88 82 02 1d 8e 1d 7f 16 44 04 80 99 00 ea 00 50 0e 80 03 30 c9 80 cb 04 8c 00 80 db e5 84 cd 36 2a 69 5e 5e 4a 91 4c 26 c3 c9 93 a7 91 96 96 06 10 bd 4d a0 cf 89 48 4f 44 8f 11 d1 a3 44 94 4f c0 39 00 72 00 a3 2a 95 1a 5e ef 3d f8 fd eb 09 e7 26 b1 91 91 Data Ascii: PNGIHDR szzsBIT\|dzIDATXVmL[U~{KhK(`R!e4bdlsO0qL/]gX:C4\|dkAa[BMm=K1>{KDP06i^^JL&MHODDO9r^=&

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.2.4	49801	46.21.150.242	443	2252	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-11 17:40:00 UTC	515	OUT	GET /images/facebook.jpg HTTP/1.1 Host: www.burnaware.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: _gid=GA1.2.1695893049.1720719599; _gat_gtag_UA_4846638_1=1; _ga_R0FFV0Q2KK=GS1.1.1720719598.1.0.1720719598.0.0.0; _ga=GA1.1.2144220585.1720719599
2024-07-11 17:40:01 UTC	647	IN	HTTP/1.1 200 OK Date: Thu, 11 Jul 2024 17:40:01 GMT Server: Apache/2 Strict-Transport-Security: max-age=31536000; includeSubDomains; Content-Security-Policy: upgrade-insecure-requests; Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Wed, 24 Jun 2020 14:25:40 GMT ETag: "435-5a8d540126100" Accept-Ranges: bytes Content-Length: 1077 Cache-Control: max-age=31536000 Expires: Fri, 11 Jul 2025 17:40:01 GMT X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN Permissions-Policy: geolocation=(),fullscreen=(self) Referrer-Policy: no-referrer-when-downgrade X-XSS-Protection: 1; mode=block Content-Type: image/jpeg
2024-07-11 17:40:01 UTC	1077	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff e1 00 22 45 78 69 66 00 00 4d 4d 00 2a 00 00 00 08 00 01 01 12 00 03 00 00 00 01 00 01 00 00 00 00 00 00 ff ec 00 11 44 75 63 6b 79 00 01 00 04 00 00 00 64 00 00 ff db 00 43 00 02 01 01 01 01 01 02 01 01 01 02 02 02 02 02 04 03 02 02 02 02 05 04 04 03 04 06 05 06 06 06 05 06 06 06 07 09 08 06 07 09 07 06 06 08 0b 08 09 0a 0a 0a 0a 0a 06 08 0b 0c 0b 0a 0c 09 0a 0a 0a ff db 00 43 01 02 02 02 02 02 02 05 03 03 05 0a 07 06 07 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a ff c0 00 11 08 00 14 00 14 03 01 22 00 02 11 01 03 11 01 ff c4 00 1f 00 00 01 05 01 01 01 01 01 01 00 00 00 00 00 00 00 00 01 Data Ascii: JFIF``"ExifMM*DuckydCC"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.2.4	49802	46.21.150.242	443	2252	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-11 17:40:01 UTC	514	OUT	GET /images/twitter.jpg HTTP/1.1 Host: www.burnaware.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: _gid=GA1.2.1695893049.1720719599; _gat_gtag_UA_4846638_1=1; _ga_R0FFV0Q2KK=GS1.1.1720719598.1.0.1720719598.0.0.0; _ga=GA1.1.2144220585.1720719599
2024-07-11 17:40:01 UTC	647	IN	HTTP/1.1 200 OK Date: Thu, 11 Jul 2024 17:40:01 GMT Server: Apache/2 Strict-Transport-Security: max-age=31536000; includeSubDomains; Content-Security-Policy: upgrade-insecure-requests; Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Wed, 24 Jun 2020 14:25:56 GMT ETag: "3ee-5a8d541068500" Accept-Ranges: bytes Content-Length: 1006 Cache-Control: max-age=31536000 Expires: Fri, 11 Jul 2025 17:40:01 GMT X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN Permissions-Policy: geolocation=(),fullscreen=(self) Referrer-Policy: no-referrer-when-downgrade X-XSS-Protection: 1; mode=block Content-Type: image/jpeg
2024-07-11 17:40:01 UTC	1006	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff e1 00 22 45 78 69 66 00 00 4d 4d 00 2a 00 00 00 08 00 01 01 12 00 03 00 00 00 01 00 01 00 00 00 00 00 00 ff ec 00 11 44 75 63 6b 79 00 01 00 04 00 00 00 64 00 00 ff db 00 43 00 02 01 01 01 01 01 02 01 01 01 02 02 02 02 02 04 03 02 02 02 02 05 04 04 03 04 06 05 06 06 06 05 06 06 06 07 09 08 06 07 09 07 06 06 08 0b 08 09 0a 0a 0a 0a 0a 06 08 0b 0c 0b 0a 0c 09 0a 0a 0a ff db 00 43 01 02 02 02 02 02 02 05 03 03 05 0a 07 06 07 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a ff c0 00 11 08 00 14 00 14 03 01 22 00 02 11 01 03 11 01 ff c4 00 1f 00 00 01 05 01 01 01 01 01 01 00 00 00 00 00 00 00 00 01 Data Ascii: JFIF``"ExifMM*DuckydCC"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.2.4	49804	172.217.18.2	443	2252	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-11 17:40:01 UTC	842	OUT	GET /pagead/html/r20240709/r20110914/zrt_lookup_fy2021.html HTTP/1.1 Host: googleads.g.doubleclick.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: iframe Referer: https://www.burnaware.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-11 17:40:02 UTC	635	IN	HTTP/1.1 200 OK P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" Timing-Allow-Origin: * Cross-Origin-Resource-Policy: cross-origin X-Content-Type-Options: nosniff Server: cafe Content-Length: 9076 X-XSS-Protection: 0 Date: Wed, 10 Jul 2024 18:09:50 GMT Expires: Wed, 24 Jul 2024 18:09:50 GMT Cache-Control: public, max-age=1209600 ETag: 2738592464165616 Content-Type: text/html; charset=UTF-8 Vary: Accept-Encoding Age: 84612 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-07-11 17:40:02 UTC	755	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 73 63 72 69 70 74 3e 0a 28 66 75 6e 63 74 69 6f 6e 28 29 7b 27 75 73 65 20 73 74 72 69 63 74 27 3b 2f 2a 0a 0a 20 43 6f 70 79 72 69 67 68 74 20 54 68 65 20 43 6c 6f 73 75 72 65 20 4c 69 62 72 61 72 79 20 41 75 74 68 6f 72 73 2e 0a 20 53 50 44 58 2d 4c 69 63 65 6e 73 65 2d 49 64 65 6e 74 69 66 69 65 72 3a 20 41 70 61 63 68 65 2d 32 2e 30 0a 2a 2f 0a 76 61 72 20 6b 3d 74 68 69 73 7c 7c 73 65 6c 66 3b 66 75 6e 63 74 69 6f 6e 20 6d 28 61 29 7b 72 65 74 75 72 6e 20 61 7d 3b 76 61 72 20 6e 2c 76 3b 61 3a 7b 66 6f 72 28 76 61 72 20 63 61 3d 5b 22 43 4c 4f 53 55 52 45 5f 46 4c 41 47 53 22 5d 2c 7a 3d 6b 2c 41 3d 30 3b 41 3c 63 61 2e 6c 65 6e 67 74 68 3b 41 2b 2b 29 69 66 28 7a 3d 7a 5b 63 61 5b 41 5d 5d 2c 7a 3d 3d Data Ascii: <!DOCTYPE html><script>(function(){'use strict';/* Copyright The Closure Library Authors. SPDX-License-Identifier: Apache-2.0*/var k=this\|\|self;function m(a){return a};var n,v;a:{for(var ca=["CLOSURE_FLAGS"],z=k,A=0;A<ca.length;A++)if(z=z[ca[A]],z==
2024-07-11 17:40:02 UTC	1390	IN	Data Raw: 2c 62 2c 76 6f 69 64 20 30 29 7d 3b 66 75 6e 63 74 69 6f 6e 20 48 28 61 29 7b 48 5b 22 20 22 5d 28 61 29 3b 72 65 74 75 72 6e 20 61 7d 48 5b 22 20 22 5d 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 7d 3b 76 61 72 20 69 61 3d 65 61 28 29 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 2e 69 6e 64 65 78 4f 66 28 22 77 65 62 6b 69 74 22 29 21 3d 2d 31 26 26 21 45 28 22 45 64 67 65 22 29 3b 21 45 28 22 41 6e 64 72 6f 69 64 22 29 7c 7c 47 28 29 3b 47 28 29 3b 45 28 22 53 61 66 61 72 69 22 29 26 26 28 47 28 29 7c 7c 28 46 28 29 3f 30 3a 45 28 22 43 6f 61 73 74 22 29 29 7c 7c 28 46 28 29 3f 30 3a 45 28 22 4f 70 65 72 61 22 29 29 7c 7c 28 46 28 29 3f 30 3a 45 28 22 45 64 67 65 22 29 29 7c 7c 28 46 28 29 3f 43 28 22 4d 69 63 72 6f 73 6f 66 74 20 45 64 67 65 22 29 3a 45 28 22 45 Data Ascii: ,b,void 0)};function H(a){H[" "](a);return a}H[" "]=function(){};var ia=ea().toLowerCase().indexOf("webkit")!=-1&&!E("Edge");!E("Android")\|\|G();G();E("Safari")&&(G()\|\|(F()?0:E("Coast"))\|\|(F()?0:E("Opera"))\|\|(F()?0:E("Edge"))\|\|(F()?C("Microsoft Edge"):E("E
2024-07-11 17:40:02 UTC	1390	IN	Data Raw: 3d 63 3b 62 72 65 61 6b 20 62 7d 7d 63 61 74 63 68 28 63 29 7b 7d 4c 3d 6e 75 6c 6c 7d 28 61 3d 4c 29 3f 28 28 62 3d 61 2e 65 73 66 5f 70 72 6f 70 41 72 72 61 79 29 7c 7c 28 62 3d 61 2e 65 73 66 5f 70 72 6f 70 41 72 72 61 79 3d 7b 7d 29 2c 61 3d 62 29 3a 61 3d 6e 75 6c 6c 3b 72 65 74 75 72 6e 20 61 3f 2e 5b 32 5d 7d 3b 76 61 72 20 4d 3d 77 69 6e 64 6f 77 3b 76 61 72 20 73 61 3d 2f 23 28 52 3f 53 29 2d 28 2e 2a 29 2f 2c 74 61 3d 2f 5e 28 5c 64 2b 29 2d 28 2e 2a 29 2f 3b 63 6c 61 73 73 20 75 61 7b 63 6f 6e 73 74 72 75 63 74 6f 72 28 61 2c 62 29 7b 74 68 69 73 2e 65 72 72 6f 72 3d 61 3b 74 68 69 73 2e 63 6f 6e 74 65 78 74 3d 62 2e 63 6f 6e 74 65 78 74 3b 74 68 69 73 2e 6d 73 67 3d 62 2e 6d 65 73 73 61 67 65 7c 7c 22 22 3b 74 68 69 73 2e 69 64 3d 62 2e 69 64 Data Ascii: =c;break b}}catch(c){}L=null}(a=L)?((b=a.esf_propArray)\|\|(b=a.esf_propArray={}),a=b):a=null;return a?.[2]};var M=window;var sa=/#(R?S)-(.)/,ta=/^(\d+)-(.)/;class ua{constructor(a,b){this.error=a;this.context=b.context;this.msg=b.message\|\|"";this.id=b.id
2024-07-11 17:40:02 UTC	1390	IN	Data Raw: 67 6c 65 5f 6a 73 5f 72 65 70 6f 72 74 69 6e 67 5f 71 75 65 75 65 3d 61 2e 67 6f 6f 67 6c 65 5f 6a 73 5f 72 65 70 6f 72 74 69 6e 67 5f 71 75 65 75 65 7c 7c 5b 5d 2c 74 68 69 73 2e 68 3d 61 2e 67 6f 6f 67 6c 65 5f 6a 73 5f 72 65 70 6f 72 74 69 6e 67 5f 71 75 65 75 65 2c 62 3d 61 2e 67 6f 6f 67 6c 65 5f 6d 65 61 73 75 72 65 5f 6a 73 5f 74 69 6d 69 6e 67 29 3b 74 68 69 73 2e 67 3d 51 28 29 7c 7c 28 62 21 3d 6e 75 6c 6c 3f 62 3a 4d 61 74 68 2e 72 61 6e 64 6f 6d 28 29 3c 31 29 7d 73 74 61 72 74 28 61 2c 62 29 7b 69 66 28 21 74 68 69 73 2e 67 29 72 65 74 75 72 6e 20 6e 75 6c 6c 3b 61 3d 6e 65 77 20 45 61 28 61 2c 62 29 3b 62 3d 60 67 6f 6f 67 5f 24 7b 61 2e 6c 61 62 65 6c 7d 5f 24 7b 61 2e 75 6e 69 71 75 65 49 64 7d 5f 73 74 61 72 74 60 3b 50 26 26 51 28 29 26 Data Ascii: gle_js_reporting_queue=a.google_js_reporting_queue\|\|[],this.h=a.google_js_reporting_queue,b=a.google_measure_js_timing);this.g=Q()\|\|(b!=null?b:Math.random()<1)}start(a,b){if(!this.g)return null;a=new Ea(a,b);b=`goog_${a.label}_${a.uniqueId}_start`;P&&Q()&
2024-07-11 17:40:02 UTC	1390	IN	Data Raw: 2e 69 3b 62 72 65 61 6b 7d 62 3d 62 3d 3d 6e 75 6c 6c 3f 68 3a 62 7d 7d 7d 61 3d 22 22 3b 62 21 3d 6e 75 6c 6c 26 26 28 61 3d 66 2b 22 74 72 6e 3d 22 2b 62 29 3b 72 65 74 75 72 6e 20 63 2b 61 7d 63 6c 61 73 73 20 53 7b 63 6f 6e 73 74 72 75 63 74 6f 72 28 29 7b 74 68 69 73 2e 69 3d 22 26 22 3b 74 68 69 73 2e 68 3d 7b 7d 3b 74 68 69 73 2e 6a 3d 30 3b 74 68 69 73 2e 67 3d 5b 5d 7d 7d 3b 66 75 6e 63 74 69 6f 6e 20 54 28 61 29 7b 6c 65 74 20 62 3d 61 2e 74 6f 53 74 72 69 6e 67 28 29 3b 61 2e 6e 61 6d 65 26 26 62 2e 69 6e 64 65 78 4f 66 28 61 2e 6e 61 6d 65 29 3d 3d 2d 31 26 26 28 62 2b 3d 22 3a 20 22 2b 61 2e 6e 61 6d 65 29 3b 61 2e 6d 65 73 73 61 67 65 26 26 62 2e 69 6e 64 65 78 4f 66 28 61 2e 6d 65 73 73 61 67 65 29 3d 3d 2d 31 26 26 28 62 2b 3d 22 3a 20 22 Data Ascii: .i;break}b=b==null?h:b}}}a="";b!=null&&(a=f+"trn="+b);return c+a}class S{constructor(){this.i="&";this.h={};this.j=0;this.g=[]}};function T(a){let b=a.toString();a.name&&b.indexOf(a.name)==-1&&(b+=": "+a.name);a.message&&b.indexOf(a.message)==-1&&(b+=": "
2024-07-11 17:40:02 UTC	1390	IN	Data Raw: 75 6c 6c 3b 63 6f 6e 73 74 20 5a 3d 74 2e 6c 65 6e 67 74 68 2d 31 3b 66 6f 72 28 78 3d 5a 3b 78 3e 3d 30 3b 2d 2d 78 29 7b 76 61 72 20 75 3d 74 5b 78 5d 3b 21 67 26 26 7a 61 2e 74 65 73 74 28 75 2e 75 72 6c 29 26 26 28 67 3d 75 29 3b 69 66 28 75 2e 75 72 6c 26 26 21 75 2e 6c 29 7b 4f 3d 75 3b 62 72 65 61 6b 7d 7d 75 3d 6e 75 6c 6c 3b 63 6f 6e 73 74 20 55 61 3d 74 2e 6c 65 6e 67 74 68 26 26 0a 74 5b 5a 5d 2e 75 72 6c 3b 4f 2e 64 65 70 74 68 21 3d 30 26 26 55 61 26 26 28 75 3d 74 5b 5a 5d 29 3b 65 3d 6e 65 77 20 41 61 28 4f 2c 75 29 3b 69 66 28 65 2e 68 29 7b 74 3d 72 3b 76 61 72 20 79 3d 65 2e 68 2e 75 72 6c 7c 7c 22 22 3b 74 2e 67 2e 70 75 73 68 28 34 29 3b 74 2e 68 5b 34 5d 3d 52 28 22 74 6f 70 22 2c 79 29 7d 76 61 72 20 61 61 3d 7b 75 72 6c 3a 65 2e 67 Data Ascii: ull;const Z=t.length-1;for(x=Z;x>=0;--x){var u=t[x];!g&&za.test(u.url)&&(g=u);if(u.url&&!u.l){O=u;break}}u=null;const Ua=t.length&&t[Z].url;O.depth!=0&&Ua&&(u=t[Z]);e=new Aa(O,u);if(e.h){t=r;var y=e.h.url\|\|"";t.g.push(4);t.h[4]=R("top",y)}var aa={url:e.g
2024-07-11 17:40:02 UTC	1371	IN	Data Raw: 66 28 49 3d 3d 3d 76 6f 69 64 20 30 29 7b 76 61 72 20 62 3d 6e 75 6c 6c 3b 76 61 72 20 63 3d 6b 2e 74 72 75 73 74 65 64 54 79 70 65 73 3b 69 66 28 63 26 26 63 2e 63 72 65 61 74 65 50 6f 6c 69 63 79 29 7b 74 72 79 7b 62 3d 63 2e 63 72 65 61 74 65 50 6f 6c 69 63 79 28 22 67 6f 6f 67 23 68 74 6d 6c 22 2c 7b 63 72 65 61 74 65 48 54 4d 4c 3a 6d 2c 63 72 65 61 74 65 53 63 72 69 70 74 3a 6d 2c 63 72 65 61 74 65 53 63 72 69 70 74 55 52 4c 3a 6d 7d 29 7d 63 61 74 63 68 28 64 29 7b 6b 2e 63 6f 6e 73 6f 6c 65 26 26 6b 2e 63 6f 6e 73 6f 6c 65 2e 65 72 72 6f 72 28 64 2e 6d 65 73 73 61 67 65 29 7d 49 3d 62 7d 65 6c 73 65 20 49 3d 62 7d 61 3d 28 62 3d 49 29 3f 62 2e 63 72 65 61 74 65 48 54 4d 4c 28 61 29 3a 61 3b 72 65 74 75 72 6e 20 6e 65 77 20 4a 28 61 2c 6b 61 29 7d Data Ascii: f(I===void 0){var b=null;var c=k.trustedTypes;if(c&&c.createPolicy){try{b=c.createPolicy("goog#html",{createHTML:m,createScript:m,createScriptURL:m})}catch(d){k.console&&k.console.error(d.message)}I=b}else I=b}a=(b=I)?b.createHTML(a):a;return new J(a,ka)}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.2.4	49805	172.217.18.2	443	2252	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-11 17:40:01 UTC	2041	OUT	GET /pagead/ads?client=ca-pub-7659414764356284&output=html&h=280&slotname=1141602494&adk=1033356805&adf=3132389021&pi=t.ma~as.1141602494&w=930&abgtt=3&fwrn=4&fwrnh=100&lmt=1720442382&rafmt=1&format=930x280&url=https%3A%2F%2Fwww.burnaware.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE3LjAuNTkzOC4xMzIiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjExNy4wLjU5MzguMTMyIl0sWyJOb3Q7QT1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTE3LjAuNTkzOC4xMzIiXV0sMF0.&dt=1720719598740&bpp=5&bdt=514&idt=1554&shv=r20240709&mjsv=m202407080101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&correlator=8080801241025&frm=20&pv=2&ga_vid=2144220585.1720719599&ga_sid=1720719600&ga_hid=1775643552&ga_fc=1&u_tz=-240&u_his=1&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&dmc=8&adx=44&ady=997&biw=1017&bih=870&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C95334511%2C95334525%2C95334578%2C95334828%2C95337195%2C31078663%2C31078665%2C31078668%2C31078670&oid=2&pvsid=4020171120520066& [TRUNCATED] Host: googleads.g.doubleclick.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: iframe Referer: https://www.burnaware.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-11 17:40:02 UTC	759	IN	HTTP/1.1 200 OK P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" Timing-Allow-Origin: * Cross-Origin-Resource-Policy: cross-origin Content-Type: text/html; charset=UTF-8 X-Content-Type-Options: nosniff Date: Thu, 11 Jul 2024 17:40:02 GMT Server: cafe Cache-Control: private X-XSS-Protection: 0 Set-Cookie: test_cookie=CheckForPermission; expires=Thu, 11-Jul-2024 17:55:02 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Expires: Thu, 11 Jul 2024 17:40:02 GMT Connection: close Transfer-Encoding: chunked
2024-07-11 17:40:02 UTC	631	IN	Data Raw: 38 30 30 30 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 76 61 72 20 6a 73 63 56 65 72 73 69 6f 6e 20 3d 20 27 72 32 30 32 34 30 37 30 39 27 3b 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 3e 76 61 72 20 67 6f 6f 67 6c 65 5f 63 61 73 6d 3d 5b 5d 3b 3c 2f 73 63 72 69 70 74 3e 3c 73 74 79 6c 65 3e 61 20 7b 20 63 6f 6c 6f 72 3a 20 23 30 30 30 30 30 30 20 7d 2e 69 6d 67 5f 61 64 3a 68 6f 76 65 72 20 7b 2d 77 65 62 6b 69 74 2d 66 69 6c 74 65 72 3a 20 62 72 69 67 68 74 6e 65 73 73 28 31 32 30 25 29 7d 3c 2f 73 74 79 6c 65 3e 3c 73 63 72 69 70 74 3e 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 64 69 63 6e 66 20 3d 20 7b 7d 3b 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 Data Ascii: 8000<!doctype html><html><head><script>var jscVersion = 'r20240709';</script><script>var google_casm=[];</script><style>a { color: #000000 }.img_ad:hover {-webkit-filter: brightness(120%)}</style><script></script><script>window.dicnf = {};</script><scri
2024-07-11 17:40:02 UTC	1390	IN	Data Raw: 61 3a 7b 76 61 72 20 63 3d 5b 22 43 4c 4f 53 55 52 45 5f 46 4c 41 47 53 22 5d 3b 66 6f 72 28 76 61 72 20 64 3d 75 2c 65 3d 30 3b 65 3c 63 2e 6c 65 6e 67 74 68 3b 65 2b 2b 29 69 66 28 64 3d 64 5b 63 5b 65 5d 5d 2c 64 3d 3d 6e 75 6c 6c 29 7b 63 3d 6e 75 6c 6c 3b 62 72 65 61 6b 20 61 7d 63 3d 64 7d 61 3d 63 26 26 63 5b 61 5d 3b 72 65 74 75 72 6e 20 61 21 3d 6e 75 6c 6c 3f 61 3a 62 7d 3b 76 61 72 20 61 61 3d 76 28 36 31 30 34 30 31 33 30 31 2c 21 31 29 2c 62 61 3d 76 28 31 38 38 35 38 38 37 33 36 2c 76 28 31 2c 21 30 29 29 3b 76 61 72 20 77 3b 63 6f 6e 73 74 20 63 61 3d 75 2e 6e 61 76 69 67 61 74 6f 72 3b 77 3d 63 61 3f 63 61 2e 75 73 65 72 41 67 65 6e 74 44 61 74 61 7c 7c 6e 75 6c 6c 3a 6e 75 6c 6c 3b 66 75 6e 63 74 69 6f 6e 20 78 28 61 29 7b 72 65 74 75 72 Data Ascii: a:{var c=["CLOSURE_FLAGS"];for(var d=u,e=0;e<c.length;e++)if(d=d[c[e]],d==null){c=null;break a}c=d}a=c&&c[a];return a!=null?a:b};var aa=v(610401301,!1),ba=v(188588736,v(1,!0));var w;const ca=u.navigator;w=ca?ca.userAgentData\|\|null:null;function x(a){retur
2024-07-11 17:40:02 UTC	1390	IN	Data Raw: 7b 73 77 69 74 63 68 28 74 79 70 65 6f 66 20 61 29 7b 63 61 73 65 20 22 6e 75 6d 62 65 72 22 3a 72 65 74 75 72 6e 20 69 73 46 69 6e 69 74 65 28 61 29 3f 61 3a 53 74 72 69 6e 67 28 61 29 3b 63 61 73 65 20 22 62 6f 6f 6c 65 61 6e 22 3a 72 65 74 75 72 6e 20 61 3f 31 3a 30 3b 63 61 73 65 20 22 6f 62 6a 65 63 74 22 3a 69 66 28 61 29 69 66 28 41 72 72 61 79 2e 69 73 41 72 72 61 79 28 61 29 29 7b 69 66 28 4a 28 61 2c 76 6f 69 64 20 30 2c 30 29 29 72 65 74 75 72 6e 7d 65 6c 73 65 20 69 66 28 61 21 3d 6e 75 6c 6c 26 26 61 20 69 6e 73 74 61 6e 63 65 6f 66 20 55 69 6e 74 38 41 72 72 61 79 29 7b 6c 65 74 20 62 3d 22 22 2c 63 3d 30 3b 63 6f 6e 73 74 20 64 3d 61 2e 6c 65 6e 67 74 68 2d 31 30 32 34 30 3b 66 6f 72 28 3b 63 3c 64 3b 29 62 2b 3d 53 74 72 69 6e 67 2e 66 72 Data Ascii: {switch(typeof a){case "number":return isFinite(a)?a:String(a);case "boolean":return a?1:0;case "object":if(a)if(Array.isArray(a)){if(J(a,void 0,0))return}else if(a!=null&&a instanceof Uint8Array){let b="",c=0;const d=a.length-10240;for(;c<d;)b+=String.fr
2024-07-11 17:40:02 UTC	1390	IN	Data Raw: 62 3d 61 5b 48 5d 7c 30 3b 69 66 28 62 26 32 30 34 38 29 74 68 72 6f 77 20 45 72 72 6f 72 28 22 66 61 72 72 22 29 3b 69 66 28 62 26 36 34 29 62 72 65 61 6b 20 61 3b 76 61 72 20 63 3d 61 3b 62 7c 3d 36 34 3b 76 61 72 20 64 3d 63 2e 6c 65 6e 67 74 68 3b 69 66 28 64 26 26 28 2d 2d 64 2c 49 28 63 5b 64 5d 29 29 29 7b 62 7c 3d 32 35 36 3b 63 3d 64 2d 28 2b 21 21 28 62 26 35 31 32 29 2d 31 29 3b 69 66 28 63 3e 3d 31 30 32 34 29 74 68 72 6f 77 20 45 72 72 6f 72 28 22 70 76 74 6c 6d 74 22 29 3b 62 3d 62 26 2d 31 36 37 36 30 38 33 33 7c 28 63 26 31 30 32 33 29 3c 3c 31 34 7d 7d 61 5b 48 5d 3d 62 7d 74 68 69 73 2e 6c 3d 61 7d 74 6f 4a 53 4f 4e 28 29 7b 72 65 74 75 72 6e 20 74 61 28 74 68 69 73 29 7d 7d 3b 4f 2e 70 72 6f 74 6f 74 79 70 65 2e 41 3d 65 61 3b 4f 2e 70 Data Ascii: b=a[H]\|0;if(b&2048)throw Error("farr");if(b&64)break a;var c=a;b\|=64;var d=c.length;if(d&&(--d,I(c[d]))){b\|=256;c=d-(+!!(b&512)-1);if(c>=1024)throw Error("pvtlmt");b=b&-16760833\|(c&1023)<<14}}a[H]=b}this.l=a}toJSON(){return ta(this)}};O.prototype.A=ea;O.p
2024-07-11 17:40:02 UTC	1390	IN	Data Raw: 28 62 2c 63 2c 21 31 29 7d 3b 76 61 72 20 42 61 3d 52 65 67 45 78 70 28 22 5e 28 3f 3a 28 5b 5e 3a 2f 3f 23 2e 5d 2b 29 3a 29 3f 28 3f 3a 2f 2f 28 3f 3a 28 5b 5e 5c 5c 5c 5c 2f 3f 23 5d 2a 29 40 29 3f 28 5b 5e 5c 5c 5c 5c 2f 3f 23 5d 2a 3f 29 28 3f 3a 3a 28 5b 30 2d 39 5d 2b 29 29 3f 28 3f 3d 5b 5c 5c 5c 5c 2f 3f 23 5d 7c 24 29 29 3f 28 5b 5e 3f 23 5d 2b 29 3f 28 3f 3a 5c 5c 3f 28 5b 5e 23 5d 2a 29 29 3f 28 3f 3a 23 28 5b 5c 5c 73 5c 5c 53 5d 2a 29 29 3f 24 22 29 3b 66 75 6e 63 74 69 6f 6e 20 43 61 28 61 2c 62 2c 63 2c 64 29 7b 66 6f 72 28 76 61 72 20 65 3d 63 2e 6c 65 6e 67 74 68 3b 28 62 3d 61 2e 69 6e 64 65 78 4f 66 28 63 2c 62 29 29 3e 3d 30 26 26 62 3c 64 3b 29 7b 76 61 72 20 66 3d 61 2e 63 68 61 72 43 6f 64 65 41 74 28 62 2d 31 29 3b 69 66 28 66 3d Data Ascii: (b,c,!1)};var Ba=RegExp("^(?:([^:/?#.]+):)?(?://(?:([^\\\\/?#])@)?([^\\\\/?#]?)(?::([0-9]+))?(?=[\\\\/?#]\|$))?([^?#]+)?(?:\\?([^#]))?(?:#([\\s\\S]))?$");function Ca(a,b,c,d){for(var e=c.length;(b=a.indexOf(c,b))>=0&&b<d;){var f=a.charCodeAt(b-1);if(f=
2024-07-11 17:40:02 UTC	1390	IN	Data Raw: 28 75 2e 67 6f 6f 67 6c 65 5f 69 6d 61 67 65 5f 72 65 71 75 65 73 74 73 3d 5b 5d 29 3b 63 6f 6e 73 74 20 63 3d 4e 61 28 75 2e 64 6f 63 75 6d 65 6e 74 29 3b 69 66 28 62 29 7b 63 6f 6e 73 74 20 64 3d 65 3d 3e 7b 62 26 26 62 28 65 29 3b 63 2e 72 65 6d 6f 76 65 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 26 26 63 2e 72 65 6d 6f 76 65 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 6c 6f 61 64 22 2c 64 2c 21 31 29 3b 63 2e 72 65 6d 6f 76 65 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 26 26 63 2e 72 65 6d 6f 76 65 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 65 72 72 6f 72 22 2c 64 2c 21 31 29 7d 3b 41 61 28 63 2c 22 6c 6f 61 64 22 2c 64 29 3b 41 61 28 63 2c 22 65 72 72 6f 72 22 2c 64 29 7d 63 2e 73 72 63 3d 61 3b 75 2e 67 6f 6f 67 6c 65 5f 69 6d 61 67 65 5f 72 65 71 75 65 Data Ascii: (u.google_image_requests=[]);const c=Na(u.document);if(b){const d=e=>{b&&b(e);c.removeEventListener&&c.removeEventListener("load",d,!1);c.removeEventListener&&c.removeEventListener("error",d,!1)};Aa(c,"load",d);Aa(c,"error",d)}c.src=a;u.google_image_reque
2024-07-11 17:40:02 UTC	1390	IN	Data Raw: 66 6c 6f 6f 72 28 61 2e 6e 6f 77 28 29 2b 61 2e 74 69 6d 69 6e 67 2e 6e 61 76 69 67 61 74 69 6f 6e 53 74 61 72 74 29 3a 44 61 74 65 2e 6e 6f 77 28 29 7d 66 75 6e 63 74 69 6f 6e 20 24 61 28 29 7b 63 6f 6e 73 74 20 61 3d 75 2e 70 65 72 66 6f 72 6d 61 6e 63 65 3b 72 65 74 75 72 6e 20 61 26 26 61 2e 6e 6f 77 3f 61 2e 6e 6f 77 28 29 3a 6e 75 6c 6c 7d 3b 76 61 72 20 61 62 3d 63 6c 61 73 73 7b 63 6f 6e 73 74 72 75 63 74 6f 72 28 61 2c 62 29 7b 76 61 72 20 63 3d 24 61 28 29 7c 7c 5a 61 28 29 3b 74 68 69 73 2e 6c 61 62 65 6c 3d 61 3b 74 68 69 73 2e 74 79 70 65 3d 62 3b 74 68 69 73 2e 76 61 6c 75 65 3d 63 3b 74 68 69 73 2e 64 75 72 61 74 69 6f 6e 3d 30 3b 74 68 69 73 2e 74 61 73 6b 49 64 3d 74 68 69 73 2e 73 6c 6f 74 49 64 3d 76 6f 69 64 20 30 3b 74 68 69 73 2e 75 Data Ascii: floor(a.now()+a.timing.navigationStart):Date.now()}function $a(){const a=u.performance;return a&&a.now?a.now():null};var ab=class{constructor(a,b){var c=$a()\|\|Za();this.label=a;this.type=b;this.value=c;this.duration=0;this.taskId=this.slotId=void 0;this.u
2024-07-11 17:40:02 UTC	1390	IN	Data Raw: 6e 29 7b 28 67 3d 66 62 28 67 2c 62 2c 63 2c 64 2c 65 29 29 26 26 66 2e 70 75 73 68 28 6e 2b 22 3d 22 2b 67 29 7d 29 3b 72 65 74 75 72 6e 20 66 2e 6a 6f 69 6e 28 62 29 7d 20 66 75 6e 63 74 69 6f 6e 20 66 62 28 61 2c 62 2c 63 2c 64 2c 65 29 7b 69 66 28 61 3d 3d 6e 75 6c 6c 29 72 65 74 75 72 6e 22 22 3b 62 3d 62 7c 7c 22 26 22 3b 63 3d 63 7c 7c 22 2c 24 22 3b 74 79 70 65 6f 66 20 63 3d 3d 22 73 74 72 69 6e 67 22 26 26 28 63 3d 63 2e 73 70 6c 69 74 28 22 22 29 29 3b 69 66 28 61 20 69 6e 73 74 61 6e 63 65 6f 66 20 41 72 72 61 79 29 7b 69 66 28 64 3d 64 7c 7c 30 2c 64 3c 63 2e 6c 65 6e 67 74 68 29 7b 63 6f 6e 73 74 20 66 3d 5b 5d 3b 66 6f 72 28 6c 65 74 20 67 3d 30 3b 67 3c 61 2e 6c 65 6e 67 74 68 3b 67 2b 2b 29 66 2e 70 75 73 68 28 66 62 28 61 5b 67 5d 2c 62 Data Ascii: n){(g=fb(g,b,c,d,e))&&f.push(n+"="+g)});return f.join(b)} function fb(a,b,c,d,e){if(a==null)return"";b=b\|\|"&";c=c\|\|",$";typeof c=="string"&&(c=c.split(""));if(a instanceof Array){if(d=d\|\|0,d<c.length){const f=[];for(let g=0;g<a.length;g++)f.push(fb(a[g],b
2024-07-11 17:40:02 UTC	1390	IN	Data Raw: 28 66 3d 61 2e 67 2e 73 74 61 72 74 28 62 2e 74 6f 53 74 72 69 6e 67 28 29 2c 33 29 2c 65 3d 63 28 29 2c 61 2e 67 2e 65 6e 64 28 66 29 29 3a 65 3d 63 28 29 7d 63 61 74 63 68 28 67 29 7b 63 3d 21 30 3b 74 72 79 7b 63 62 28 66 29 2c 63 3d 61 2e 42 28 62 2c 6e 65 77 20 56 61 28 67 2c 7b 6d 65 73 73 61 67 65 3a 6a 62 28 67 29 7d 29 2c 76 6f 69 64 20 30 2c 64 29 7d 63 61 74 63 68 28 6e 29 7b 61 2e 6d 28 32 31 37 2c 6e 29 7d 69 66 28 63 29 77 69 6e 64 6f 77 2e 63 6f 6e 73 6f 6c 65 3f 2e 65 72 72 6f 72 3f 2e 28 67 29 3b 65 6c 73 65 20 74 68 72 6f 77 20 67 3b 7d 72 65 74 75 72 6e 20 65 7d 66 75 6e 63 74 69 6f 6e 20 6c 62 28 61 2c 62 2c 63 2c 64 29 7b 76 61 72 20 65 3d 58 3b 72 65 74 75 72 6e 28 2e 2e 2e 66 29 3d 3e 6b 62 28 65 2c 61 2c 28 29 3d 3e 62 2e 61 70 70 Data Ascii: (f=a.g.start(b.toString(),3),e=c(),a.g.end(f)):e=c()}catch(g){c=!0;try{cb(f),c=a.B(b,new Va(g,{message:jb(g)}),void 0,d)}catch(n){a.m(217,n)}if(c)window.console?.error?.(g);else throw g;}return e}function lb(a,b,c,d){var e=X;return(...f)=>kb(e,a,()=>b.app
2024-07-11 17:40:02 UTC	1390	IN	Data Raw: 5d 2e 75 72 6c 3b 6a 61 2e 64 65 70 74 68 21 3d 30 26 26 72 62 26 26 28 72 3d 70 5b 6b 61 5d 29 3b 66 3d 6e 65 77 20 58 61 28 6a 61 2c 72 29 3b 69 66 28 66 2e 69 29 7b 70 3d 7a 3b 76 61 72 20 74 3d 66 2e 69 2e 75 72 6c 7c 7c 22 22 3b 70 2e 67 2e 70 75 73 68 28 34 29 3b 70 2e 69 5b 34 5d 3d 57 28 22 74 6f 70 22 2c 74 29 7d 76 61 72 20 42 3d 7b 75 72 6c 3a 66 2e 67 2e 75 72 6c 7c 7c 22 22 7d 3b 69 66 28 66 2e 67 2e 75 72 6c 29 7b 76 61 72 20 43 3d 66 2e 67 2e 75 72 6c 2e 6d 61 74 63 68 28 42 61 29 2c 4c 3d 43 5b 31 5d 2c 4b 61 3d 43 5b 33 5d 2c 4c 61 3d 43 5b 34 5d 3b 74 3d 22 22 3b 4c 26 26 28 74 2b 3d 4c 2b 22 3a 22 29 3b 4b 61 26 26 28 74 2b 3d 22 2f 2f 22 2c 74 2b 3d 4b 61 2c 4c 61 26 26 28 74 2b 3d 22 3a 22 2b 4c 61 29 29 3b 76 61 72 20 4d 61 3d 74 7d Data Ascii: ].url;ja.depth!=0&&rb&&(r=p[ka]);f=new Xa(ja,r);if(f.i){p=z;var t=f.i.url\|\|"";p.g.push(4);p.i[4]=W("top",t)}var B={url:f.g.url\|\|""};if(f.g.url){var C=f.g.url.match(Ba),L=C[1],Ka=C[3],La=C[4];t="";L&&(t+=L+":");Ka&&(t+="//",t+=Ka,La&&(t+=":"+La));var Ma=t}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.2.4	49806	172.217.18.2	443	2252	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-11 17:40:01 UTC	2375	OUT	GET /pagead/ads?client=ca-pub-7659414764356284&output=html&adk=1812271804&adf=3025194257&abgtt=3&lmt=1720442382&plaf=1%3A2%2C2%3A2%2C7%3A2&plat=1%3A128%2C2%3A128%2C3%3A128%2C4%3A128%2C8%3A128%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1048576%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fwww.burnaware.com%2F&pra=7&wgl=1&easpi=0&aihb=0&asro=0&ailel=27~29~1~2~4~6~7~8~9~10~11~12~13~14~15~16~17~18~19~20~21~24~30&aiael=27~29~1~2~4~6~7~8~9~10~11~12~13~14~15~16~17~18~19~20~21~24~30&aifxl=27_15~29_10~30_19&aiixl=27_3~29_5~30_6&aslmct=0.7&asamct=0.7&aisaib=1&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE3LjAuNTkzOC4xMzIiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjExNy4wLjU5MzguMTMyIl0sWyJOb3Q7QT1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTE3LjAuNTkzOC4xMzIiXV0sMF0.&dt=1720719598746&bpp=1&bdt=519&idt=1591&shv=r20240709&mjsv=m202407080101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&prev_fmts=930x280&nras=1&correlator=8080801241025&frm=20&pv=1&ga_vid=2144220585.1720719599&ga_s [TRUNCATED] Host: googleads.g.doubleclick.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: iframe Referer: https://www.burnaware.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-11 17:40:02 UTC	696	IN	HTTP/1.1 200 OK P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" Timing-Allow-Origin: * Cross-Origin-Resource-Policy: cross-origin Content-Type: text/html; charset=UTF-8 X-Content-Type-Options: nosniff Date: Thu, 11 Jul 2024 17:40:02 GMT Server: cafe Content-Length: 0 X-XSS-Protection: 0 Set-Cookie: test_cookie=CheckForPermission; expires=Thu, 11-Jul-2024 17:55:02 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Expires: Thu, 11 Jul 2024 17:40:02 GMT Cache-Control: private Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
42	192.168.2.4	49807	172.217.18.2	443	2252	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-11 17:40:01 UTC	2067	OUT	GET /pagead/ads?client=ca-pub-7659414764356284&output=html&h=280&slotname=4885406380&adk=3369854836&adf=3132389021&pi=t.ma~as.4885406380&w=930&abgtt=3&fwrn=4&fwrnh=100&lmt=1720153543&rafmt=1&format=930x280&url=https%3A%2F%2Fwww.burnaware.com%2Fafter-install.html&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE3LjAuNTkzOC4xMzIiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjExNy4wLjU5MzguMTMyIl0sWyJOb3Q7QT1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTE3LjAuNTkzOC4xMzIiXV0sMF0.&dt=1720719598792&bpp=4&bdt=2944&idt=1496&shv=r20240709&mjsv=m202407080101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&correlator=139266055133&frm=20&pv=2&ga_vid=2144220585.1720719599&ga_sid=1720719600&ga_hid=904098654&ga_fc=1&u_tz=-240&u_his=1&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&dmc=8&adx=44&ady=758&biw=1017&bih=870&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31085139%2C44795922%2C95334508%2C95334526%2C95334828%2C31078663%2C31078665%2C31078668%2C31078670&oid=2&pvsid= [TRUNCATED] Host: googleads.g.doubleclick.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: iframe Referer: https://www.burnaware.com/after-install.html Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-11 17:40:02 UTC	759	IN	HTTP/1.1 200 OK P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" Timing-Allow-Origin: * Cross-Origin-Resource-Policy: cross-origin Content-Type: text/html; charset=UTF-8 X-Content-Type-Options: nosniff Date: Thu, 11 Jul 2024 17:40:02 GMT Server: cafe Cache-Control: private X-XSS-Protection: 0 Set-Cookie: test_cookie=CheckForPermission; expires=Thu, 11-Jul-2024 17:55:02 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Expires: Thu, 11 Jul 2024 17:40:02 GMT Connection: close Transfer-Encoding: chunked
2024-07-11 17:40:02 UTC	631	IN	Data Raw: 38 30 30 30 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 76 61 72 20 6a 73 63 56 65 72 73 69 6f 6e 20 3d 20 27 72 32 30 32 34 30 37 30 39 27 3b 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 3e 76 61 72 20 67 6f 6f 67 6c 65 5f 63 61 73 6d 3d 5b 5d 3b 3c 2f 73 63 72 69 70 74 3e 3c 73 74 79 6c 65 3e 61 20 7b 20 63 6f 6c 6f 72 3a 20 23 30 30 30 30 30 30 20 7d 2e 69 6d 67 5f 61 64 3a 68 6f 76 65 72 20 7b 2d 77 65 62 6b 69 74 2d 66 69 6c 74 65 72 3a 20 62 72 69 67 68 74 6e 65 73 73 28 31 32 30 25 29 7d 3c 2f 73 74 79 6c 65 3e 3c 73 63 72 69 70 74 3e 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 64 69 63 6e 66 20 3d 20 7b 7d 3b 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 Data Ascii: 8000<!doctype html><html><head><script>var jscVersion = 'r20240709';</script><script>var google_casm=[];</script><style>a { color: #000000 }.img_ad:hover {-webkit-filter: brightness(120%)}</style><script></script><script>window.dicnf = {};</script><scri
2024-07-11 17:40:02 UTC	1390	IN	Data Raw: 61 3a 7b 76 61 72 20 63 3d 5b 22 43 4c 4f 53 55 52 45 5f 46 4c 41 47 53 22 5d 3b 66 6f 72 28 76 61 72 20 64 3d 75 2c 65 3d 30 3b 65 3c 63 2e 6c 65 6e 67 74 68 3b 65 2b 2b 29 69 66 28 64 3d 64 5b 63 5b 65 5d 5d 2c 64 3d 3d 6e 75 6c 6c 29 7b 63 3d 6e 75 6c 6c 3b 62 72 65 61 6b 20 61 7d 63 3d 64 7d 61 3d 63 26 26 63 5b 61 5d 3b 72 65 74 75 72 6e 20 61 21 3d 6e 75 6c 6c 3f 61 3a 62 7d 3b 76 61 72 20 61 61 3d 76 28 36 31 30 34 30 31 33 30 31 2c 21 31 29 2c 62 61 3d 76 28 31 38 38 35 38 38 37 33 36 2c 76 28 31 2c 21 30 29 29 3b 76 61 72 20 77 3b 63 6f 6e 73 74 20 63 61 3d 75 2e 6e 61 76 69 67 61 74 6f 72 3b 77 3d 63 61 3f 63 61 2e 75 73 65 72 41 67 65 6e 74 44 61 74 61 7c 7c 6e 75 6c 6c 3a 6e 75 6c 6c 3b 66 75 6e 63 74 69 6f 6e 20 78 28 61 29 7b 72 65 74 75 72 Data Ascii: a:{var c=["CLOSURE_FLAGS"];for(var d=u,e=0;e<c.length;e++)if(d=d[c[e]],d==null){c=null;break a}c=d}a=c&&c[a];return a!=null?a:b};var aa=v(610401301,!1),ba=v(188588736,v(1,!0));var w;const ca=u.navigator;w=ca?ca.userAgentData\|\|null:null;function x(a){retur
2024-07-11 17:40:02 UTC	1390	IN	Data Raw: 7b 73 77 69 74 63 68 28 74 79 70 65 6f 66 20 61 29 7b 63 61 73 65 20 22 6e 75 6d 62 65 72 22 3a 72 65 74 75 72 6e 20 69 73 46 69 6e 69 74 65 28 61 29 3f 61 3a 53 74 72 69 6e 67 28 61 29 3b 63 61 73 65 20 22 62 6f 6f 6c 65 61 6e 22 3a 72 65 74 75 72 6e 20 61 3f 31 3a 30 3b 63 61 73 65 20 22 6f 62 6a 65 63 74 22 3a 69 66 28 61 29 69 66 28 41 72 72 61 79 2e 69 73 41 72 72 61 79 28 61 29 29 7b 69 66 28 4a 28 61 2c 76 6f 69 64 20 30 2c 30 29 29 72 65 74 75 72 6e 7d 65 6c 73 65 20 69 66 28 61 21 3d 6e 75 6c 6c 26 26 61 20 69 6e 73 74 61 6e 63 65 6f 66 20 55 69 6e 74 38 41 72 72 61 79 29 7b 6c 65 74 20 62 3d 22 22 2c 63 3d 30 3b 63 6f 6e 73 74 20 64 3d 61 2e 6c 65 6e 67 74 68 2d 31 30 32 34 30 3b 66 6f 72 28 3b 63 3c 64 3b 29 62 2b 3d 53 74 72 69 6e 67 2e 66 72 Data Ascii: {switch(typeof a){case "number":return isFinite(a)?a:String(a);case "boolean":return a?1:0;case "object":if(a)if(Array.isArray(a)){if(J(a,void 0,0))return}else if(a!=null&&a instanceof Uint8Array){let b="",c=0;const d=a.length-10240;for(;c<d;)b+=String.fr
2024-07-11 17:40:02 UTC	1390	IN	Data Raw: 62 3d 61 5b 48 5d 7c 30 3b 69 66 28 62 26 32 30 34 38 29 74 68 72 6f 77 20 45 72 72 6f 72 28 22 66 61 72 72 22 29 3b 69 66 28 62 26 36 34 29 62 72 65 61 6b 20 61 3b 76 61 72 20 63 3d 61 3b 62 7c 3d 36 34 3b 76 61 72 20 64 3d 63 2e 6c 65 6e 67 74 68 3b 69 66 28 64 26 26 28 2d 2d 64 2c 49 28 63 5b 64 5d 29 29 29 7b 62 7c 3d 32 35 36 3b 63 3d 64 2d 28 2b 21 21 28 62 26 35 31 32 29 2d 31 29 3b 69 66 28 63 3e 3d 31 30 32 34 29 74 68 72 6f 77 20 45 72 72 6f 72 28 22 70 76 74 6c 6d 74 22 29 3b 62 3d 62 26 2d 31 36 37 36 30 38 33 33 7c 28 63 26 31 30 32 33 29 3c 3c 31 34 7d 7d 61 5b 48 5d 3d 62 7d 74 68 69 73 2e 6c 3d 61 7d 74 6f 4a 53 4f 4e 28 29 7b 72 65 74 75 72 6e 20 74 61 28 74 68 69 73 29 7d 7d 3b 4f 2e 70 72 6f 74 6f 74 79 70 65 2e 41 3d 65 61 3b 4f 2e 70 Data Ascii: b=a[H]\|0;if(b&2048)throw Error("farr");if(b&64)break a;var c=a;b\|=64;var d=c.length;if(d&&(--d,I(c[d]))){b\|=256;c=d-(+!!(b&512)-1);if(c>=1024)throw Error("pvtlmt");b=b&-16760833\|(c&1023)<<14}}a[H]=b}this.l=a}toJSON(){return ta(this)}};O.prototype.A=ea;O.p
2024-07-11 17:40:02 UTC	1390	IN	Data Raw: 28 62 2c 63 2c 21 31 29 7d 3b 76 61 72 20 42 61 3d 52 65 67 45 78 70 28 22 5e 28 3f 3a 28 5b 5e 3a 2f 3f 23 2e 5d 2b 29 3a 29 3f 28 3f 3a 2f 2f 28 3f 3a 28 5b 5e 5c 5c 5c 5c 2f 3f 23 5d 2a 29 40 29 3f 28 5b 5e 5c 5c 5c 5c 2f 3f 23 5d 2a 3f 29 28 3f 3a 3a 28 5b 30 2d 39 5d 2b 29 29 3f 28 3f 3d 5b 5c 5c 5c 5c 2f 3f 23 5d 7c 24 29 29 3f 28 5b 5e 3f 23 5d 2b 29 3f 28 3f 3a 5c 5c 3f 28 5b 5e 23 5d 2a 29 29 3f 28 3f 3a 23 28 5b 5c 5c 73 5c 5c 53 5d 2a 29 29 3f 24 22 29 3b 66 75 6e 63 74 69 6f 6e 20 43 61 28 61 2c 62 2c 63 2c 64 29 7b 66 6f 72 28 76 61 72 20 65 3d 63 2e 6c 65 6e 67 74 68 3b 28 62 3d 61 2e 69 6e 64 65 78 4f 66 28 63 2c 62 29 29 3e 3d 30 26 26 62 3c 64 3b 29 7b 76 61 72 20 66 3d 61 2e 63 68 61 72 43 6f 64 65 41 74 28 62 2d 31 29 3b 69 66 28 66 3d Data Ascii: (b,c,!1)};var Ba=RegExp("^(?:([^:/?#.]+):)?(?://(?:([^\\\\/?#])@)?([^\\\\/?#]?)(?::([0-9]+))?(?=[\\\\/?#]\|$))?([^?#]+)?(?:\\?([^#]))?(?:#([\\s\\S]))?$");function Ca(a,b,c,d){for(var e=c.length;(b=a.indexOf(c,b))>=0&&b<d;){var f=a.charCodeAt(b-1);if(f=
2024-07-11 17:40:02 UTC	1390	IN	Data Raw: 28 75 2e 67 6f 6f 67 6c 65 5f 69 6d 61 67 65 5f 72 65 71 75 65 73 74 73 3d 5b 5d 29 3b 63 6f 6e 73 74 20 63 3d 4e 61 28 75 2e 64 6f 63 75 6d 65 6e 74 29 3b 69 66 28 62 29 7b 63 6f 6e 73 74 20 64 3d 65 3d 3e 7b 62 26 26 62 28 65 29 3b 63 2e 72 65 6d 6f 76 65 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 26 26 63 2e 72 65 6d 6f 76 65 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 6c 6f 61 64 22 2c 64 2c 21 31 29 3b 63 2e 72 65 6d 6f 76 65 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 26 26 63 2e 72 65 6d 6f 76 65 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 65 72 72 6f 72 22 2c 64 2c 21 31 29 7d 3b 41 61 28 63 2c 22 6c 6f 61 64 22 2c 64 29 3b 41 61 28 63 2c 22 65 72 72 6f 72 22 2c 64 29 7d 63 2e 73 72 63 3d 61 3b 75 2e 67 6f 6f 67 6c 65 5f 69 6d 61 67 65 5f 72 65 71 75 65 Data Ascii: (u.google_image_requests=[]);const c=Na(u.document);if(b){const d=e=>{b&&b(e);c.removeEventListener&&c.removeEventListener("load",d,!1);c.removeEventListener&&c.removeEventListener("error",d,!1)};Aa(c,"load",d);Aa(c,"error",d)}c.src=a;u.google_image_reque
2024-07-11 17:40:02 UTC	1390	IN	Data Raw: 66 6c 6f 6f 72 28 61 2e 6e 6f 77 28 29 2b 61 2e 74 69 6d 69 6e 67 2e 6e 61 76 69 67 61 74 69 6f 6e 53 74 61 72 74 29 3a 44 61 74 65 2e 6e 6f 77 28 29 7d 66 75 6e 63 74 69 6f 6e 20 24 61 28 29 7b 63 6f 6e 73 74 20 61 3d 75 2e 70 65 72 66 6f 72 6d 61 6e 63 65 3b 72 65 74 75 72 6e 20 61 26 26 61 2e 6e 6f 77 3f 61 2e 6e 6f 77 28 29 3a 6e 75 6c 6c 7d 3b 76 61 72 20 61 62 3d 63 6c 61 73 73 7b 63 6f 6e 73 74 72 75 63 74 6f 72 28 61 2c 62 29 7b 76 61 72 20 63 3d 24 61 28 29 7c 7c 5a 61 28 29 3b 74 68 69 73 2e 6c 61 62 65 6c 3d 61 3b 74 68 69 73 2e 74 79 70 65 3d 62 3b 74 68 69 73 2e 76 61 6c 75 65 3d 63 3b 74 68 69 73 2e 64 75 72 61 74 69 6f 6e 3d 30 3b 74 68 69 73 2e 74 61 73 6b 49 64 3d 74 68 69 73 2e 73 6c 6f 74 49 64 3d 76 6f 69 64 20 30 3b 74 68 69 73 2e 75 Data Ascii: floor(a.now()+a.timing.navigationStart):Date.now()}function $a(){const a=u.performance;return a&&a.now?a.now():null};var ab=class{constructor(a,b){var c=$a()\|\|Za();this.label=a;this.type=b;this.value=c;this.duration=0;this.taskId=this.slotId=void 0;this.u
2024-07-11 17:40:02 UTC	1390	IN	Data Raw: 6e 29 7b 28 67 3d 66 62 28 67 2c 62 2c 63 2c 64 2c 65 29 29 26 26 66 2e 70 75 73 68 28 6e 2b 22 3d 22 2b 67 29 7d 29 3b 72 65 74 75 72 6e 20 66 2e 6a 6f 69 6e 28 62 29 7d 20 66 75 6e 63 74 69 6f 6e 20 66 62 28 61 2c 62 2c 63 2c 64 2c 65 29 7b 69 66 28 61 3d 3d 6e 75 6c 6c 29 72 65 74 75 72 6e 22 22 3b 62 3d 62 7c 7c 22 26 22 3b 63 3d 63 7c 7c 22 2c 24 22 3b 74 79 70 65 6f 66 20 63 3d 3d 22 73 74 72 69 6e 67 22 26 26 28 63 3d 63 2e 73 70 6c 69 74 28 22 22 29 29 3b 69 66 28 61 20 69 6e 73 74 61 6e 63 65 6f 66 20 41 72 72 61 79 29 7b 69 66 28 64 3d 64 7c 7c 30 2c 64 3c 63 2e 6c 65 6e 67 74 68 29 7b 63 6f 6e 73 74 20 66 3d 5b 5d 3b 66 6f 72 28 6c 65 74 20 67 3d 30 3b 67 3c 61 2e 6c 65 6e 67 74 68 3b 67 2b 2b 29 66 2e 70 75 73 68 28 66 62 28 61 5b 67 5d 2c 62 Data Ascii: n){(g=fb(g,b,c,d,e))&&f.push(n+"="+g)});return f.join(b)} function fb(a,b,c,d,e){if(a==null)return"";b=b\|\|"&";c=c\|\|",$";typeof c=="string"&&(c=c.split(""));if(a instanceof Array){if(d=d\|\|0,d<c.length){const f=[];for(let g=0;g<a.length;g++)f.push(fb(a[g],b
2024-07-11 17:40:02 UTC	1390	IN	Data Raw: 28 66 3d 61 2e 67 2e 73 74 61 72 74 28 62 2e 74 6f 53 74 72 69 6e 67 28 29 2c 33 29 2c 65 3d 63 28 29 2c 61 2e 67 2e 65 6e 64 28 66 29 29 3a 65 3d 63 28 29 7d 63 61 74 63 68 28 67 29 7b 63 3d 21 30 3b 74 72 79 7b 63 62 28 66 29 2c 63 3d 61 2e 42 28 62 2c 6e 65 77 20 56 61 28 67 2c 7b 6d 65 73 73 61 67 65 3a 6a 62 28 67 29 7d 29 2c 76 6f 69 64 20 30 2c 64 29 7d 63 61 74 63 68 28 6e 29 7b 61 2e 6d 28 32 31 37 2c 6e 29 7d 69 66 28 63 29 77 69 6e 64 6f 77 2e 63 6f 6e 73 6f 6c 65 3f 2e 65 72 72 6f 72 3f 2e 28 67 29 3b 65 6c 73 65 20 74 68 72 6f 77 20 67 3b 7d 72 65 74 75 72 6e 20 65 7d 66 75 6e 63 74 69 6f 6e 20 6c 62 28 61 2c 62 2c 63 2c 64 29 7b 76 61 72 20 65 3d 58 3b 72 65 74 75 72 6e 28 2e 2e 2e 66 29 3d 3e 6b 62 28 65 2c 61 2c 28 29 3d 3e 62 2e 61 70 70 Data Ascii: (f=a.g.start(b.toString(),3),e=c(),a.g.end(f)):e=c()}catch(g){c=!0;try{cb(f),c=a.B(b,new Va(g,{message:jb(g)}),void 0,d)}catch(n){a.m(217,n)}if(c)window.console?.error?.(g);else throw g;}return e}function lb(a,b,c,d){var e=X;return(...f)=>kb(e,a,()=>b.app
2024-07-11 17:40:02 UTC	1390	IN	Data Raw: 5d 2e 75 72 6c 3b 6a 61 2e 64 65 70 74 68 21 3d 30 26 26 72 62 26 26 28 72 3d 70 5b 6b 61 5d 29 3b 66 3d 6e 65 77 20 58 61 28 6a 61 2c 72 29 3b 69 66 28 66 2e 69 29 7b 70 3d 7a 3b 76 61 72 20 74 3d 66 2e 69 2e 75 72 6c 7c 7c 22 22 3b 70 2e 67 2e 70 75 73 68 28 34 29 3b 70 2e 69 5b 34 5d 3d 57 28 22 74 6f 70 22 2c 74 29 7d 76 61 72 20 42 3d 7b 75 72 6c 3a 66 2e 67 2e 75 72 6c 7c 7c 22 22 7d 3b 69 66 28 66 2e 67 2e 75 72 6c 29 7b 76 61 72 20 43 3d 66 2e 67 2e 75 72 6c 2e 6d 61 74 63 68 28 42 61 29 2c 4c 3d 43 5b 31 5d 2c 4b 61 3d 43 5b 33 5d 2c 4c 61 3d 43 5b 34 5d 3b 74 3d 22 22 3b 4c 26 26 28 74 2b 3d 4c 2b 22 3a 22 29 3b 4b 61 26 26 28 74 2b 3d 22 2f 2f 22 2c 74 2b 3d 4b 61 2c 4c 61 26 26 28 74 2b 3d 22 3a 22 2b 4c 61 29 29 3b 76 61 72 20 4d 61 3d 74 7d Data Ascii: ].url;ja.depth!=0&&rb&&(r=p[ka]);f=new Xa(ja,r);if(f.i){p=z;var t=f.i.url\|\|"";p.g.push(4);p.i[4]=W("top",t)}var B={url:f.g.url\|\|""};if(f.g.url){var C=f.g.url.match(Ba),L=C[1],Ka=C[3],La=C[4];t="";L&&(t+=L+":");Ka&&(t+="//",t+=Ka,La&&(t+=":"+La));var Ma=t}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
43	192.168.2.4	49808	172.217.18.2	443	2252	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-11 17:40:01 UTC	2391	OUT	GET /pagead/ads?client=ca-pub-7659414764356284&output=html&adk=1812271804&adf=3025194257&abgtt=3&lmt=1720153543&plaf=1%3A2%2C2%3A2%2C7%3A2&plat=1%3A128%2C2%3A128%2C3%3A128%2C4%3A128%2C8%3A128%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1048576%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fwww.burnaware.com%2Fafter-install.html&pra=7&wgl=1&easpi=0&aihb=0&asro=0&ailel=27~1~2~4~6~7~8~9~10~11~12~13~14~15~16~17~18~19~20~21~24~30&aiael=27~1~2~4~6~7~8~9~10~11~12~13~14~15~16~17~18~19~20~21~24~30&aifxl=27_9~30_19&aiixl=27_3~30_6&aslmct=0.7&asamct=0.7&aisaib=1&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE3LjAuNTkzOC4xMzIiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjExNy4wLjU5MzguMTMyIl0sWyJOb3Q7QT1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTE3LjAuNTkzOC4xMzIiXV0sMF0.&dt=1720719598796&bpp=2&bdt=2948&idt=1590&shv=r20240709&mjsv=m202407080101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&prev_fmts=930x280&nras=1&correlator=139266055133&frm=20&pv=1&ga_vid=2144220585.1720719599&ga_s [TRUNCATED] Host: googleads.g.doubleclick.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: iframe Referer: https://www.burnaware.com/after-install.html Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-11 17:40:02 UTC	696	IN	HTTP/1.1 200 OK P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" Timing-Allow-Origin: * Cross-Origin-Resource-Policy: cross-origin Content-Type: text/html; charset=UTF-8 X-Content-Type-Options: nosniff Date: Thu, 11 Jul 2024 17:40:01 GMT Server: cafe Content-Length: 0 X-XSS-Protection: 0 Set-Cookie: test_cookie=CheckForPermission; expires=Thu, 11-Jul-2024 17:55:01 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Expires: Thu, 11 Jul 2024 17:40:01 GMT Cache-Control: private Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
44	192.168.2.4	49809	40.68.123.157	443

Timestamp	Bytes transferred	Direction	Data
2024-07-11 17:40:02 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=wRTxFRwcxxg7e5C&MD=L+rnHGl2 HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-07-11 17:40:02 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440" MS-CorrelationId: 55cce2a4-df30-4b47-ad75-67330d03ce39 MS-RequestId: f7705c7c-54aa-4b85-ac76-f3abbfbbed89 MS-CV: SWpL5xjhQUSh0SLf.0 X-Microsoft-SLSClientCache: 1440 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Thu, 11 Jul 2024 17:40:01 GMT Connection: close Content-Length: 30005
2024-07-11 17:40:02 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 8d 2b 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 5b 49 00 00 14 00 00 00 00 00 10 00 8d 2b 00 00 a8 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 72 4d 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 fe f6 51 be 21 2b 72 4d 43 4b ed 7c 05 58 54 eb da f6 14 43 49 37 0a 02 d2 b9 86 0e 41 52 a4 1b 24 a5 bb 43 24 44 18 94 90 92 52 41 3a 05 09 95 ee 54 b0 00 91 2e e9 12 10 04 11 c9 6f 10 b7 a2 67 9f bd cf 3e ff b7 ff b3 bf 73 ed e1 9a 99 f5 c6 7a d7 bb de f5 3e cf fd 3c f7 dc 17 4a 1a 52 e7 41 a8 97 1e 14 f4 e5 25 7d f4 05 82 82 c1 20 30 08 06 ba c3 05 02 11 7f a9 c1 ff d2 87 5c 1e f4 ed 65 8e 7a 1f f6 0a 40 03 1d 7b f9 83 2c 1c 2f db b8 3a 39 3a 58 38 ba 73 5e Data Ascii: MSCF+D[I+IdrMenvironment.cabQ!+rMCK\|XTCI7AR$C$DRA:T.og>sz><JRA%} 0\ez@{,/:9:X8s^
2024-07-11 17:40:02 UTC	14181	IN	Data Raw: 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 26 30 24 06 03 55 04 03 13 1d 4d 69 63 72 6f 73 6f 66 74 20 54 69 6d 65 2d 53 74 61 6d 70 20 50 43 41 20 32 30 31 30 30 1e 17 0d 32 33 31 30 31 32 31 39 30 37 32 35 5a 17 0d 32 35 30 31 31 30 31 39 30 37 32 35 5a 30 81 d2 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 2d 30 2b 06 03 55 04 0b 13 24 4d 69 63 72 6f Data Ascii: UUS10UWashington10URedmond10UMicrosoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100231012190725Z250110190725Z010UUS10UWashington10URedmond10UMicrosoft Corporation1-0+U$Micro

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
45	192.168.2.4	49814	172.217.18.2	443	2252	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-11 17:40:03 UTC	2124	OUT	GET /pagead/drt/s?v=r20120211 HTTP/1.1 Host: googleads.g.doubleclick.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-Dest: iframe Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7659414764356284&output=html&h=280&slotname=4885406380&adk=3369854836&adf=3132389021&pi=t.ma~as.4885406380&w=930&abgtt=3&fwrn=4&fwrnh=100&lmt=1720153543&rafmt=1&format=930x280&url=https%3A%2F%2Fwww.burnaware.com%2Fafter-install.html&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE3LjAuNTkzOC4xMzIiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjExNy4wLjU5MzguMTMyIl0sWyJOb3Q7QT1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTE3LjAuNTkzOC4xMzIiXV0sMF0.&dt=1720719598792&bpp=4&bdt=2944&idt=1496&shv=r20240709&mjsv=m202407080101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&correlator=139266055133&frm=20&pv=2&ga_vid=2144220585.1720719599&ga_sid=1720719600&ga_hid=904098654&ga_fc=1&u_tz=-240&u_his=1&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&dmc=8&adx=44&ady=758&biw=1017&bih=870&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31085139%2C44795922%2C95334508%2C95334526%2C95334828%2C31078663%2C310 [TRUNCATED] Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: test_cookie=CheckForPermission
2024-07-11 17:40:04 UTC	428	IN	HTTP/1.1 200 OK Timing-Allow-Origin: * Cross-Origin-Resource-Policy: cross-origin X-Content-Type-Options: nosniff Server: cafe X-XSS-Protection: 0 Date: Thu, 11 Jul 2024 17:01:52 GMT Cache-Control: public, max-age=3600 Content-Type: text/html; charset=UTF-8 Age: 2291 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-07-11 17:40:04 UTC	154	IN	Data Raw: 38 66 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 70 61 67 65 61 64 2f 64 72 74 2f 75 69 22 20 2f 3e 0a 20 20 3c 2f 68 65 61 64 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 8f<!DOCTYPE HTML PUBLIC><html> <head> <meta http-equiv="refresh" content="0;url=https://www.google.com/pagead/drt/ui" /> </head></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
46	192.168.2.4	49813	172.217.18.2	443	2252	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-11 17:40:03 UTC	2953	OUT	GET /pagead/adview?ai=CMU2X8hiQZvKbAquT1PIPs-uWgAHtxLb8eJCu5oqVE6idiedHEAEgp97AKmDJBqAB0v6XmQPIAQKoAwHIA8kEqgTMAU_QXiTzLwLGxXj59LNIeOIN1KbK3FLLM2_7j5f4vr9TOnAG46NIUNVSnnAFqFZphvLEBgBZzORhxvSdQp4mYlLJ0Ix9o6CZrfWTtTkgxgML1Dfc6fa-sCbJQDQynRaCSqFiyqnILgfHGJX-oCWBtObB7LneES7W0TEiFBtNcF8QSpQGu3JqJDUMoSpn7knoUgAC2wNR909edM-6ch6h1nzvyWabFu8mManDMJHDRU-QHVpEs6eqGSwG35AkdoIZSJ3KUhqUO8jHQApzR8AEt4_u6q0EiAWL5NvKS5IFBAgEGAGSBQQIBRgEoAYCgAeWgehmqAfZtrECqAfVyRuoB6a-G6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6--sQKoB_fCsQLYBwHyBwUQ9-LwBdIIJgiA4YBgEAEYHzICywI6CYBAgMCAgICgKEi9_cE6WNm3jIXEn4cDmglQaHR0cHM6Ly9wY2FwcC5zdG9yZS8_YXA9YWR3JmFzPWdfZF93aXRob3V0X3NvZnR3YXJlX2luJmRtW2Fkc109bmV3X3N0YXRpY19zdHJpcGWACgHICwHaDBEKCxCwkd-Y7sW_oqEBEgIBA9gTDNAVAZgWAYAXAbIXHAoaCAASFHB1Yi03NjU5NDE0NzY0MzU2Mjg0GACyGAkSArBTGAIiAQDoGAE&sigh=N5vzbh5VIdk&uach_m=%5BUACH%5D&ase=2&cid=CAQSTwDaQooLmU4THGgNQW2rnbpPvCIcB7LJEGZ6utOyMZS9oIML7lIBifn8BAsW8IS0Z7aMU5O6n_duwdtpjoqAxldnEFaGNIPllzAuIJMGkLEYAQ&nis=6 HTTP/1.1 Host: googleads.g.doubleclick.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Attribution-Reporting-Eligible: event-source=navigation-source, trigger Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7659414764356284&output=html&h=280&slotname=1141602494&adk=1033356805&adf=3132389021&pi=t.ma~as.1141602494&w=930&abgtt=3&fwrn=4&fwrnh=100&lmt=1720442382&rafmt=1&format=930x280&url=https%3A%2F%2Fwww.burnaware.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE3LjAuNTkzOC4xMzIiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjExNy4wLjU5MzguMTMyIl0sWyJOb3Q7QT1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTE3LjAuNTkzOC4xMzIiXV0sMF0.&dt=1720719598740&bpp=5&bdt=514&idt=1554&shv=r20240709&mjsv=m202407080101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&correlator=8080801241025&frm=20&pv=2&ga_vid=2144220585.1720719599&ga_sid=1720719600&ga_hid=1775643552&ga_fc=1&u_tz=-240&u_his=1&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&dmc=8&adx=44&ady=997&biw=1017&bih=870&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C95334511%2C95334525%2C95334578%2C95334828%2C95337195%2C31078663%2C31078665%2C31078668% [TRUNCATED] Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: test_cookie=CheckForPermission
2024-07-11 17:40:04 UTC	1532	IN	HTTP/1.1 302 Found P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" Timing-Allow-Origin: * Cross-Origin-Resource-Policy: cross-origin Content-Security-Policy: script-src 'none'; object-src 'none' Location: https://www.googleadservices.com/pagead/ar-adview/?nrh={"aggregation_keys":{"1":"0xf0ec15a140ecdba70000000000000000","2":"0x957e7acd867d1bf50000000000000000","3":"0xef6170b214cb26cf0000000000000000","4":"0xcd33498a2216fec20000000000000000","5":"0x57842189d280aef40000000000000000"},"debug_key":"10005485044268261887","debug_reporting":true,"destination":"https://pcapp.store","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["858128210"],"22":["true"],"4":["07-11"],"6":["true"]},"priority":"500","source_event_id":"4947124843537760113"}&andc=true Access-Control-Allow-Origin: * Access-Control-Allow-Credentials: true Content-Type: text/html; charset=UTF-8 X-Content-Type-Options: nosniff Date: Thu, 11 Jul 2024 17:40:04 GMT Server: cafe Content-Length: 0 X-XSS-Protection: 0 Set-Cookie: IDE=AHWqTUlvRmiponZ36ulFlS4J7B8sxzVKrb8n2CzqIvZXG2_l3xKMY_3X45uiNhsIKfA; expires=Sat, 11-Jul-2026 17:40:04 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none Set-Cookie: test_cookie=; expires=Fri, 01-Aug-2008 22:45:55 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
47	192.168.2.4	49815	172.217.18.2	443	2252	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-11 17:40:03 UTC	2953	OUT	GET /pagead/adview?ai=C6hJM8hiQZvaxBOOMjuwP06Sd8AKgkpCceJbpje3KEsTChYOzQhABIKfewCpgyQagAcv48eYCyAECqAMByAPJBKoE5AFP0AvnF8je12xQ9XcDyGGAGMGaKBLst-6_m3CSwVD8UKF53xbETwktTg5VjDYfmMqPw-l5i_fHWtsmcLfYEYNxLHW0Nk2Vd5LguWIZrL4b0cxIx5kmBjooZdtmDvtBcxncwBAgexh_fiQHh3eOv3ScqPh2cPzvKhVVTd_2ElKYg9cAj-Ui-JVEGaVbxClqsmgHxtB1Z-z5hbMrqDWllcIhVjXI8hB3yVpx3wFkRua-ytGDDVsLiPEWfqJC1OFHKDgOV7Hz0ssS-tC1snx5DWxMp6YRC6nJ3H9CaXYh-V0D9zEZlnzABIyA167aBIgFxOXE1E6SBQQIBBgBkgUECAUYBKAGAoAHnYeOmQGoB9m2sQKoB9XJG6gHpr4bqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHr76xAqgH98KxAtgHAfIHBBDTjC3SCCYIgOGAYBABGB8yAssCOgmAQIDAgICAoChIvf3BOljg1I6FxJ-HA5oJOGh0dHBzOi8vY2FwaXRhbG9uZXNob3BwaW5nLmNvbS9qb2luLWNhcGl0YWwtb25lLXNob3BwaW5ngAoByAsB2gwRCgsQ8IaU-97Mm6jsARICAQPYEwzQFQGAFwGyFxwKGggAEhRwdWItNzY1OTQxNDc2NDM1NjI4NBgAshgFGAIiAQDoGAE&sigh=wfCMA8jNnbo&uach_m=%5BUACH%5D&ase=2&cid=CAQSTwDaQooLfXSvAwYlxgfF3yqRZiIN8qnU0U4GHr7Fzr9-FbUqS5kdmb0SE1rEIbLQQL1KdWEuTE1j7kOVhaJbWfbgvYNjwjytjCiN0OwplVIYAQ&nis=6 HTTP/1.1 Host: googleads.g.doubleclick.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Attribution-Reporting-Eligible: event-source=navigation-source, trigger Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7659414764356284&output=html&h=280&slotname=4885406380&adk=3369854836&adf=3132389021&pi=t.ma~as.4885406380&w=930&abgtt=3&fwrn=4&fwrnh=100&lmt=1720153543&rafmt=1&format=930x280&url=https%3A%2F%2Fwww.burnaware.com%2Fafter-install.html&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE3LjAuNTkzOC4xMzIiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjExNy4wLjU5MzguMTMyIl0sWyJOb3Q7QT1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTE3LjAuNTkzOC4xMzIiXV0sMF0.&dt=1720719598792&bpp=4&bdt=2944&idt=1496&shv=r20240709&mjsv=m202407080101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&correlator=139266055133&frm=20&pv=2&ga_vid=2144220585.1720719599&ga_sid=1720719600&ga_hid=904098654&ga_fc=1&u_tz=-240&u_his=1&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&dmc=8&adx=44&ady=758&biw=1017&bih=870&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31085139%2C44795922%2C95334508%2C95334526%2C95334828%2C31078663%2C310 [TRUNCATED] Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: test_cookie=CheckForPermission
2024-07-11 17:40:04 UTC	1542	IN	HTTP/1.1 302 Found P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" Timing-Allow-Origin: * Cross-Origin-Resource-Policy: cross-origin Content-Security-Policy: script-src 'none'; object-src 'none' Location: https://www.googleadservices.com/pagead/ar-adview/?nrh={"aggregation_keys":{"1":"0xc243b8a4b5ef361c0000000000000000","2":"0x56c01445c54fe71a0000000000000000","3":"0x568992d6d4126b310000000000000000","4":"0xfcad26b663103b270000000000000000","5":"0x8c1e6e9eb9fc07a60000000000000000"},"debug_key":"416649566823872097","debug_reporting":true,"destination":"https://capitaloneshopping.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["752647243"],"22":["true"],"4":["07-11"],"6":["true"]},"priority":"500","source_event_id":"13376603055546710449"}&andc=true Access-Control-Allow-Origin: * Access-Control-Allow-Credentials: true Content-Type: text/html; charset=UTF-8 X-Content-Type-Options: nosniff Date: Thu, 11 Jul 2024 17:40:04 GMT Server: cafe Content-Length: 0 X-XSS-Protection: 0 Set-Cookie: IDE=AHWqTUl_KDeCNIgPcabcAP4LjdzVVDepa01pyB2qsWtC_zOcD9h7soQMcx9cqzFCK9w; expires=Sat, 11-Jul-2026 17:40:04 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none Set-Cookie: test_cookie=; expires=Fri, 01-Aug-2008 22:45:55 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
48	192.168.2.4	49823	142.250.186.68	443	2252	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-11 17:40:04 UTC	798	OUT	GET /pagead/drt/ui HTTP/1.1 Host: www.google.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: iframe Referer: https://googleads.g.doubleclick.net/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-11 17:40:05 UTC	426	IN	HTTP/1.1 302 Found Timing-Allow-Origin: * Cross-Origin-Resource-Policy: cross-origin Location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA Cache-Control: private Content-Type: text/html; charset=UTF-8 X-Content-Type-Options: nosniff Date: Thu, 11 Jul 2024 17:40:05 GMT Server: cafe Content-Length: 0 X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
49	192.168.2.4	49824	172.217.18.2	443	2252	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-11 17:40:04 UTC	3042	OUT	GET /pagead/interaction/?ai=CP6Gn8hiQZvaxBOOMjuwP06Sd8AKgkpCceJbpje3KEsTChYOzQhABIKfewCpgyQagAcv48eYCyAECqAMByAPJBKoE5wFP0AvnF8je12xQ9XcDyGGAGMGaKBLst-6_m3CSwVD8UKF53xbETwktTg5VjDYfmMqPw-l5i_fHWtsmcLfYEYNxLHW0Nk2Vd5LguWIZrL4b0cxIx5kmBjooZdtmDvtBcxncwBAgexh_fiQHh3eOv3ScqPh2cPzvKhVVTd_2ElKYg9cAj-Ui-JVEGaVbxClqsmgHxtB1Z-z5hbMrqDWllcIhVjXI8hB3yVpx3wFkRua-ytGDDVsLiPEWfqJC1OFHajovxQQ0VcXSfYZwCUCxnjtkrSIYJbEmOdx-oe_y2HEbQNOGmLwpDmHABIyA167aBIgFxOXE1E6gBgKAB52HjpkBqAfZtrECqAfVyRuoB6a-G6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6--sQKoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH4L2xAqgH_56xAqgH35-xAqgHyqmxAqgH66WxAqgH6rGxAqgHmbWxAqgHvrexAqgH-MKxAqgH-8KxAtgHAdIIJgiA4YBgEAEYHzICywI6CYBAgMCAgICgKEi9_cE6WODUjoXEn4cDsQlg6CR0SwaUbYAKAZgLAcgLAdoMEQoLEPCGlPvezJuo7AESAgEDqg0CVVPIDQHYEwzQFQH4FgGAFwGyGAUYAiIBAOgYAQ&sigh=BQT1J-br5HY&cid=CAQSTwDaQooLfXSvAwYlxgfF3yqRZiIN8qnU0U4GHr7Fzr9-FbUqS5kdmb0SE1rEIbLQQL1KdWEuTE1j7kOVhaJbWfbgvYNjwjytjCiN0OwplVI&label=window_focus&gqid=8hiQZvbpA_CTjuwP44esoA0&qqid=CPbyjoXEn4cDFWOGgwcdU1IHLg&bgload=1 HTTP/1.1 Host: googleads.g.doubleclick.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7659414764356284&output=html&h=280&slotname=4885406380&adk=3369854836&adf=3132389021&pi=t.ma~as.4885406380&w=930&abgtt=3&fwrn=4&fwrnh=100&lmt=1720153543&rafmt=1&format=930x280&url=https%3A%2F%2Fwww.burnaware.com%2Fafter-install.html&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE3LjAuNTkzOC4xMzIiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjExNy4wLjU5MzguMTMyIl0sWyJOb3Q7QT1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTE3LjAuNTkzOC4xMzIiXV0sMF0.&dt=1720719598792&bpp=4&bdt=2944&idt=1496&shv=r20240709&mjsv=m202407080101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&correlator=139266055133&frm=20&pv=2&ga_vid=2144220585.1720719599&ga_sid=1720719600&ga_hid=904098654&ga_fc=1&u_tz=-240&u_his=1&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&dmc=8&adx=44&ady=758&biw=1017&bih=870&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31085139%2C44795922%2C95334508%2C95334526%2C95334828%2C31078663%2C310 [TRUNCATED] Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: IDE=AHWqTUl_KDeCNIgPcabcAP4LjdzVVDepa01pyB2qsWtC_zOcD9h7soQMcx9cqzFCK9w
2024-07-11 17:40:05 UTC	625	IN	HTTP/1.1 200 OK P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" Timing-Allow-Origin: * Cross-Origin-Resource-Policy: cross-origin Date: Thu, 11 Jul 2024 17:40:05 GMT Pragma: no-cache Expires: Fri, 01 Jan 1990 00:00:00 GMT Cache-Control: no-cache, must-revalidate Access-Control-Allow-Origin: * Content-Type: text/html; charset=UTF-8 X-Content-Type-Options: nosniff Server: cafe Content-Length: 0 X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
50	192.168.2.4	49831	172.217.18.2	443	2252	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-11 17:40:05 UTC	903	OUT	GET /pagead/drt/si?st=NO_DATA HTTP/1.1 Host: googleads.g.doubleclick.net Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: iframe sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Referer: https://googleads.g.doubleclick.net/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: IDE=AHWqTUl_KDeCNIgPcabcAP4LjdzVVDepa01pyB2qsWtC_zOcD9h7soQMcx9cqzFCK9w
2024-07-11 17:40:06 UTC	664	IN	HTTP/1.1 200 OK Cross-Origin-Resource-Policy: cross-origin P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" Content-Type: text/html; charset=UTF-8 X-Content-Type-Options: nosniff Date: Thu, 11 Jul 2024 17:40:06 GMT Server: cafe Content-Length: 0 X-XSS-Protection: 0 Set-Cookie: DSID=NO_DATA; expires=Thu, 11-Jul-2024 18:40:06 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Expires: Thu, 11 Jul 2024 17:40:06 GMT Cache-Control: private Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
51	192.168.2.4	49830	142.250.186.68	443	2252	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-11 17:40:05 UTC	798	OUT	GET /pagead/drt/ui HTTP/1.1 Host: www.google.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: iframe Referer: https://googleads.g.doubleclick.net/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-11 17:40:06 UTC	426	IN	HTTP/1.1 302 Found Timing-Allow-Origin: * Cross-Origin-Resource-Policy: cross-origin Location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA Cache-Control: private Content-Type: text/html; charset=UTF-8 X-Content-Type-Options: nosniff Date: Thu, 11 Jul 2024 17:40:06 GMT Server: cafe Content-Length: 0 X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
52	192.168.2.4	49832	172.217.18.2	443	2252	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-11 17:40:05 UTC	1533	OUT	GET /pagead/interaction/?ai=CP6Gn8hiQZvaxBOOMjuwP06Sd8AKgkpCceJbpje3KEsTChYOzQhABIKfewCpgyQagAcv48eYCyAECqAMByAPJBKoE5wFP0AvnF8je12xQ9XcDyGGAGMGaKBLst-6_m3CSwVD8UKF53xbETwktTg5VjDYfmMqPw-l5i_fHWtsmcLfYEYNxLHW0Nk2Vd5LguWIZrL4b0cxIx5kmBjooZdtmDvtBcxncwBAgexh_fiQHh3eOv3ScqPh2cPzvKhVVTd_2ElKYg9cAj-Ui-JVEGaVbxClqsmgHxtB1Z-z5hbMrqDWllcIhVjXI8hB3yVpx3wFkRua-ytGDDVsLiPEWfqJC1OFHajovxQQ0VcXSfYZwCUCxnjtkrSIYJbEmOdx-oe_y2HEbQNOGmLwpDmHABIyA167aBIgFxOXE1E6gBgKAB52HjpkBqAfZtrECqAfVyRuoB6a-G6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6--sQKoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH4L2xAqgH_56xAqgH35-xAqgHyqmxAqgH66WxAqgH6rGxAqgHmbWxAqgHvrexAqgH-MKxAqgH-8KxAtgHAdIIJgiA4YBgEAEYHzICywI6CYBAgMCAgICgKEi9_cE6WODUjoXEn4cDsQlg6CR0SwaUbYAKAZgLAcgLAdoMEQoLEPCGlPvezJuo7AESAgEDqg0CVVPIDQHYEwzQFQH4FgGAFwGyGAUYAiIBAOgYAQ&sigh=BQT1J-br5HY&cid=CAQSTwDaQooLfXSvAwYlxgfF3yqRZiIN8qnU0U4GHr7Fzr9-FbUqS5kdmb0SE1rEIbLQQL1KdWEuTE1j7kOVhaJbWfbgvYNjwjytjCiN0OwplVI&label=window_focus&gqid=8hiQZvbpA_CTjuwP44esoA0&qqid=CPbyjoXEn4cDFWOGgwcdU1IHLg&bgload=1 HTTP/1.1 Host: googleads.g.doubleclick.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: IDE=AHWqTUl_KDeCNIgPcabcAP4LjdzVVDepa01pyB2qsWtC_zOcD9h7soQMcx9cqzFCK9w
2024-07-11 17:40:06 UTC	625	IN	HTTP/1.1 200 OK P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" Timing-Allow-Origin: * Cross-Origin-Resource-Policy: cross-origin Date: Thu, 11 Jul 2024 17:40:06 GMT Pragma: no-cache Expires: Fri, 01 Jan 1990 00:00:00 GMT Cache-Control: no-cache, must-revalidate Access-Control-Allow-Origin: * Content-Type: text/html; charset=UTF-8 X-Content-Type-Options: nosniff Server: cafe Content-Length: 0 X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
53	192.168.2.4	49838	172.217.18.2	443	2252	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-11 17:40:06 UTC	917	OUT	GET /pagead/drt/si?st=NO_DATA HTTP/1.1 Host: googleads.g.doubleclick.net Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: iframe sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Referer: https://googleads.g.doubleclick.net/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: IDE=AHWqTUl_KDeCNIgPcabcAP4LjdzVVDepa01pyB2qsWtC_zOcD9h7soQMcx9cqzFCK9w; DSID=NO_DATA
2024-07-11 17:40:07 UTC	664	IN	HTTP/1.1 200 OK Cross-Origin-Resource-Policy: cross-origin P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" Content-Type: text/html; charset=UTF-8 X-Content-Type-Options: nosniff Date: Thu, 11 Jul 2024 17:40:07 GMT Server: cafe Content-Length: 0 X-XSS-Protection: 0 Set-Cookie: DSID=NO_DATA; expires=Thu, 11-Jul-2024 18:40:07 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Expires: Thu, 11 Jul 2024 17:40:07 GMT Cache-Control: private Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
54	192.168.2.4	49840	172.217.18.2	443	2252	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-11 17:40:07 UTC	3052	OUT	GET /pagead/interaction/?ai=CP6Gn8hiQZvaxBOOMjuwP06Sd8AKgkpCceJbpje3KEsTChYOzQhABIKfewCpgyQagAcv48eYCyAECqAMByAPJBKoE5wFP0AvnF8je12xQ9XcDyGGAGMGaKBLst-6_m3CSwVD8UKF53xbETwktTg5VjDYfmMqPw-l5i_fHWtsmcLfYEYNxLHW0Nk2Vd5LguWIZrL4b0cxIx5kmBjooZdtmDvtBcxncwBAgexh_fiQHh3eOv3ScqPh2cPzvKhVVTd_2ElKYg9cAj-Ui-JVEGaVbxClqsmgHxtB1Z-z5hbMrqDWllcIhVjXI8hB3yVpx3wFkRua-ytGDDVsLiPEWfqJC1OFHajovxQQ0VcXSfYZwCUCxnjtkrSIYJbEmOdx-oe_y2HEbQNOGmLwpDmHABIyA167aBIgFxOXE1E6gBgKAB52HjpkBqAfZtrECqAfVyRuoB6a-G6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6--sQKoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH4L2xAqgH_56xAqgH35-xAqgHyqmxAqgH66WxAqgH6rGxAqgHmbWxAqgHvrexAqgH-MKxAqgH-8KxAtgHAdIIJgiA4YBgEAEYHzICywI6CYBAgMCAgICgKEi9_cE6WODUjoXEn4cDsQlg6CR0SwaUbYAKAZgLAcgLAdoMEQoLEPCGlPvezJuo7AESAgEDqg0CVVPIDQHYEwzQFQH4FgGAFwGyGAUYAiIBAOgYAQ&sigh=BQT1J-br5HY&cid=CAQSTwDaQooLfXSvAwYlxgfF3yqRZiIN8qnU0U4GHr7Fzr9-FbUqS5kdmb0SE1rEIbLQQL1KdWEuTE1j7kOVhaJbWfbgvYNjwjytjCiN0OwplVI&label=window_focus&gqid=8hiQZvbpA_CTjuwP44esoA0&qqid=CPbyjoXEn4cDFWOGgwcdU1IHLg&fg=1 HTTP/1.1 Host: googleads.g.doubleclick.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7659414764356284&output=html&h=280&slotname=4885406380&adk=3369854836&adf=3132389021&pi=t.ma~as.4885406380&w=930&abgtt=3&fwrn=4&fwrnh=100&lmt=1720153543&rafmt=1&format=930x280&url=https%3A%2F%2Fwww.burnaware.com%2Fafter-install.html&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE3LjAuNTkzOC4xMzIiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjExNy4wLjU5MzguMTMyIl0sWyJOb3Q7QT1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTE3LjAuNTkzOC4xMzIiXV0sMF0.&dt=1720719598792&bpp=4&bdt=2944&idt=1496&shv=r20240709&mjsv=m202407080101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&correlator=139266055133&frm=20&pv=2&ga_vid=2144220585.1720719599&ga_sid=1720719600&ga_hid=904098654&ga_fc=1&u_tz=-240&u_his=1&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&dmc=8&adx=44&ady=758&biw=1017&bih=870&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31085139%2C44795922%2C95334508%2C95334526%2C95334828%2C31078663%2C310 [TRUNCATED] Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: IDE=AHWqTUl_KDeCNIgPcabcAP4LjdzVVDepa01pyB2qsWtC_zOcD9h7soQMcx9cqzFCK9w; DSID=NO_DATA
2024-07-11 17:40:07 UTC	625	IN	HTTP/1.1 200 OK P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" Timing-Allow-Origin: * Cross-Origin-Resource-Policy: cross-origin Date: Thu, 11 Jul 2024 17:40:07 GMT Pragma: no-cache Expires: Fri, 01 Jan 1990 00:00:00 GMT Cache-Control: no-cache, must-revalidate Access-Control-Allow-Origin: * Content-Type: text/html; charset=UTF-8 X-Content-Type-Options: nosniff Server: cafe Content-Length: 0 X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
55	192.168.2.4	49841	172.217.18.2	443	2252	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-11 17:40:07 UTC	3018	OUT	GET /pagead/interaction/?ai=Cu5J98hiQZvKbAquT1PIPs-uWgAHtxLb8eJCu5oqVE6idiedHEAEgp97AKmDJBqAB0v6XmQPIAQKoAwHIA8kEqgTPAU_QXiTzLwLGxXj59LNIeOIN1KbK3FLLM2_7j5f4vr9TOnAG46NIUNVSnnAFqFZphvLEBgBZzORhxvSdQp4mYlLJ0Ix9o6CZrfWTtTkgxgML1Dfc6fa-sCbJQDQynRaCSqFiyqnILgfHGJX-oCWBtObB7LneES7W0TEiFBtNcF8QSpQGu3JqJDUMoSpn7knoUgAC2wNR909edM-6ch6h1nzvyWabFu9kM4hR5yluMP49NP6ImwNONgUMUZsKbguTnLVuvLu2F9AS3b8G9hq7wMAEt4_u6q0EiAWL5NvKS6AGAoAHloHoZqgH2baxAqgH1ckbqAemvhuoB47OG6gHk9gbqAfulrECqAf-nrECqAevvrECqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB-C9sQKoB_-esQKoB9-fsQKoB8qpsQKoB-ulsQKoB-qxsQKoB5m1sQKoB763sQKoB_jCsQKoB_vCsQLYBwHSCCYIgOGAYBABGB8yAssCOgmAQIDAgICAoChIvf3BOljZt4yFxJ-HA7EJ5WIFqJlhtieACgGYCwHICwHaDBEKCxCwkd-Y7sW_oqEBEgIBA6oNAlVTyA0B2BMM0BUBmBYB-BYBgBcBshgJEgKwUxgCIgEA6BgB&sigh=h6IJ0EUoVko&cid=CAQSTwDaQooLmU4THGgNQW2rnbpPvCIcB7LJEGZ6utOyMZS9oIML7lIBifn8BAsW8IS0Z7aMU5O6n_duwdtpjoqAxldnEFaGNIPllzAuIJMGkLE&label=window_focus&gqid=8hiQZs7MAferjuwPt7ugmAE&qqid=CPLcjIXEn4cDFasJVQgds7UFEA&fg=1 HTTP/1.1 Host: googleads.g.doubleclick.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7659414764356284&output=html&h=280&slotname=1141602494&adk=1033356805&adf=3132389021&pi=t.ma~as.1141602494&w=930&abgtt=3&fwrn=4&fwrnh=100&lmt=1720442382&rafmt=1&format=930x280&url=https%3A%2F%2Fwww.burnaware.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE3LjAuNTkzOC4xMzIiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjExNy4wLjU5MzguMTMyIl0sWyJOb3Q7QT1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTE3LjAuNTkzOC4xMzIiXV0sMF0.&dt=1720719598740&bpp=5&bdt=514&idt=1554&shv=r20240709&mjsv=m202407080101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&correlator=8080801241025&frm=20&pv=2&ga_vid=2144220585.1720719599&ga_sid=1720719600&ga_hid=1775643552&ga_fc=1&u_tz=-240&u_his=1&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&dmc=8&adx=44&ady=997&biw=1017&bih=870&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C95334511%2C95334525%2C95334578%2C95334828%2C95337195%2C31078663%2C31078665%2C31078668% [TRUNCATED] Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: IDE=AHWqTUl_KDeCNIgPcabcAP4LjdzVVDepa01pyB2qsWtC_zOcD9h7soQMcx9cqzFCK9w; DSID=NO_DATA
2024-07-11 17:40:07 UTC	625	IN	HTTP/1.1 200 OK P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" Timing-Allow-Origin: * Cross-Origin-Resource-Policy: cross-origin Date: Thu, 11 Jul 2024 17:40:07 GMT Pragma: no-cache Expires: Fri, 01 Jan 1990 00:00:00 GMT Cache-Control: no-cache, must-revalidate Access-Control-Allow-Origin: * Content-Type: text/html; charset=UTF-8 X-Content-Type-Options: nosniff Server: cafe Content-Length: 0 X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
56	192.168.2.4	49843	46.21.150.242	443	2252	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-11 17:40:08 UTC	1032	OUT	GET /favicon.ico HTTP/1.1 Host: www.burnaware.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.burnaware.com/after-install.html Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: _gid=GA1.2.1695893049.1720719599; _gat_gtag_UA_4846638_1=1; _ga_R0FFV0Q2KK=GS1.1.1720719598.1.0.1720719598.0.0.0; _ga=GA1.1.2144220585.1720719599; __gads=ID=ca85369507f447bd:T=1720719602:RT=1720719602:S=ALNI_MbHtj5QHwOekxUSdDmDxc_7knS1YA; __gpi=UID=00000e799b877b18:T=1720719602:RT=1720719602:S=ALNI_MYL62l_8SiXw2LX6eQ-MMs_GS1OLw; __eoi=ID=27b38297c77e7373:T=1720719602:RT=1720719602:S=AA-AfjahcyA-wmZK3Up08clNIkO2
2024-07-11 17:40:08 UTC	684	IN	HTTP/1.1 200 OK Date: Thu, 11 Jul 2024 17:40:08 GMT Server: Apache/2 Strict-Transport-Security: max-age=31536000; includeSubDomains; Content-Security-Policy: upgrade-insecure-requests; Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Tue, 01 Feb 2022 18:14:18 GMT ETag: "1536-5d6f8de939280" Accept-Ranges: bytes Content-Length: 5430 Cache-Control: max-age=31536000 Expires: Fri, 11 Jul 2025 17:40:08 GMT Vary: Accept-Encoding,User-Agent X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN Permissions-Policy: geolocation=(),fullscreen=(self) Referrer-Policy: no-referrer-when-downgrade X-XSS-Protection: 1; mode=block Content-Type: image/x-icon
2024-07-11 17:40:08 UTC	5430	IN	Data Raw: 00 00 01 00 02 00 20 20 00 00 01 00 20 00 a8 10 00 00 26 00 00 00 10 10 00 00 01 00 20 00 68 04 00 00 ce 10 00 00 28 00 00 00 20 00 00 00 40 00 00 00 01 00 20 00 00 00 00 00 80 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 35 09 e3 01 35 09 e3 20 35 09 e3 73 35 09 e3 c4 35 09 e3 a6 35 09 e3 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: & h( @ 55 5s5558

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
57	192.168.2.4	49844	172.217.18.2	443	2252	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-11 17:40:08 UTC	1543	OUT	GET /pagead/interaction/?ai=CP6Gn8hiQZvaxBOOMjuwP06Sd8AKgkpCceJbpje3KEsTChYOzQhABIKfewCpgyQagAcv48eYCyAECqAMByAPJBKoE5wFP0AvnF8je12xQ9XcDyGGAGMGaKBLst-6_m3CSwVD8UKF53xbETwktTg5VjDYfmMqPw-l5i_fHWtsmcLfYEYNxLHW0Nk2Vd5LguWIZrL4b0cxIx5kmBjooZdtmDvtBcxncwBAgexh_fiQHh3eOv3ScqPh2cPzvKhVVTd_2ElKYg9cAj-Ui-JVEGaVbxClqsmgHxtB1Z-z5hbMrqDWllcIhVjXI8hB3yVpx3wFkRua-ytGDDVsLiPEWfqJC1OFHajovxQQ0VcXSfYZwCUCxnjtkrSIYJbEmOdx-oe_y2HEbQNOGmLwpDmHABIyA167aBIgFxOXE1E6gBgKAB52HjpkBqAfZtrECqAfVyRuoB6a-G6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6--sQKoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH4L2xAqgH_56xAqgH35-xAqgHyqmxAqgH66WxAqgH6rGxAqgHmbWxAqgHvrexAqgH-MKxAqgH-8KxAtgHAdIIJgiA4YBgEAEYHzICywI6CYBAgMCAgICgKEi9_cE6WODUjoXEn4cDsQlg6CR0SwaUbYAKAZgLAcgLAdoMEQoLEPCGlPvezJuo7AESAgEDqg0CVVPIDQHYEwzQFQH4FgGAFwGyGAUYAiIBAOgYAQ&sigh=BQT1J-br5HY&cid=CAQSTwDaQooLfXSvAwYlxgfF3yqRZiIN8qnU0U4GHr7Fzr9-FbUqS5kdmb0SE1rEIbLQQL1KdWEuTE1j7kOVhaJbWfbgvYNjwjytjCiN0OwplVI&label=window_focus&gqid=8hiQZvbpA_CTjuwP44esoA0&qqid=CPbyjoXEn4cDFWOGgwcdU1IHLg&fg=1 HTTP/1.1 Host: googleads.g.doubleclick.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: IDE=AHWqTUl_KDeCNIgPcabcAP4LjdzVVDepa01pyB2qsWtC_zOcD9h7soQMcx9cqzFCK9w; DSID=NO_DATA
2024-07-11 17:40:08 UTC	625	IN	HTTP/1.1 200 OK P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" Timing-Allow-Origin: * Cross-Origin-Resource-Policy: cross-origin Date: Thu, 11 Jul 2024 17:40:08 GMT Pragma: no-cache Expires: Fri, 01 Jan 1990 00:00:00 GMT Cache-Control: no-cache, must-revalidate Access-Control-Allow-Origin: * Content-Type: text/html; charset=UTF-8 X-Content-Type-Options: nosniff Server: cafe Content-Length: 0 X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
58	192.168.2.4	49845	172.217.18.2	443	2252	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-11 17:40:08 UTC	1517	OUT	GET /pagead/interaction/?ai=Cu5J98hiQZvKbAquT1PIPs-uWgAHtxLb8eJCu5oqVE6idiedHEAEgp97AKmDJBqAB0v6XmQPIAQKoAwHIA8kEqgTPAU_QXiTzLwLGxXj59LNIeOIN1KbK3FLLM2_7j5f4vr9TOnAG46NIUNVSnnAFqFZphvLEBgBZzORhxvSdQp4mYlLJ0Ix9o6CZrfWTtTkgxgML1Dfc6fa-sCbJQDQynRaCSqFiyqnILgfHGJX-oCWBtObB7LneES7W0TEiFBtNcF8QSpQGu3JqJDUMoSpn7knoUgAC2wNR909edM-6ch6h1nzvyWabFu9kM4hR5yluMP49NP6ImwNONgUMUZsKbguTnLVuvLu2F9AS3b8G9hq7wMAEt4_u6q0EiAWL5NvKS6AGAoAHloHoZqgH2baxAqgH1ckbqAemvhuoB47OG6gHk9gbqAfulrECqAf-nrECqAevvrECqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB-C9sQKoB_-esQKoB9-fsQKoB8qpsQKoB-ulsQKoB-qxsQKoB5m1sQKoB763sQKoB_jCsQKoB_vCsQLYBwHSCCYIgOGAYBABGB8yAssCOgmAQIDAgICAoChIvf3BOljZt4yFxJ-HA7EJ5WIFqJlhtieACgGYCwHICwHaDBEKCxCwkd-Y7sW_oqEBEgIBA6oNAlVTyA0B2BMM0BUBmBYB-BYBgBcBshgJEgKwUxgCIgEA6BgB&sigh=h6IJ0EUoVko&cid=CAQSTwDaQooLmU4THGgNQW2rnbpPvCIcB7LJEGZ6utOyMZS9oIML7lIBifn8BAsW8IS0Z7aMU5O6n_duwdtpjoqAxldnEFaGNIPllzAuIJMGkLE&label=window_focus&gqid=8hiQZs7MAferjuwPt7ugmAE&qqid=CPLcjIXEn4cDFasJVQgds7UFEA&fg=1 HTTP/1.1 Host: googleads.g.doubleclick.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: IDE=AHWqTUl_KDeCNIgPcabcAP4LjdzVVDepa01pyB2qsWtC_zOcD9h7soQMcx9cqzFCK9w; DSID=NO_DATA
2024-07-11 17:40:08 UTC	625	IN	HTTP/1.1 200 OK P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" Timing-Allow-Origin: * Cross-Origin-Resource-Policy: cross-origin Date: Thu, 11 Jul 2024 17:40:08 GMT Pragma: no-cache Expires: Fri, 01 Jan 1990 00:00:00 GMT Cache-Control: no-cache, must-revalidate Access-Control-Allow-Origin: * Content-Type: text/html; charset=UTF-8 X-Content-Type-Options: nosniff Server: cafe Content-Length: 0 X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
59	192.168.2.4	49846	46.21.150.242	443	2252	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-11 17:40:09 UTC	776	OUT	GET /favicon.ico HTTP/1.1 Host: www.burnaware.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: _gid=GA1.2.1695893049.1720719599; _gat_gtag_UA_4846638_1=1; _ga_R0FFV0Q2KK=GS1.1.1720719598.1.0.1720719598.0.0.0; _ga=GA1.1.2144220585.1720719599; __gads=ID=ca85369507f447bd:T=1720719602:RT=1720719602:S=ALNI_MbHtj5QHwOekxUSdDmDxc_7knS1YA; __gpi=UID=00000e799b877b18:T=1720719602:RT=1720719602:S=ALNI_MYL62l_8SiXw2LX6eQ-MMs_GS1OLw; __eoi=ID=27b38297c77e7373:T=1720719602:RT=1720719602:S=AA-AfjahcyA-wmZK3Up08clNIkO2
2024-07-11 17:40:09 UTC	684	IN	HTTP/1.1 200 OK Date: Thu, 11 Jul 2024 17:40:09 GMT Server: Apache/2 Strict-Transport-Security: max-age=31536000; includeSubDomains; Content-Security-Policy: upgrade-insecure-requests; Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Tue, 01 Feb 2022 18:14:18 GMT ETag: "1536-5d6f8de939280" Accept-Ranges: bytes Content-Length: 5430 Cache-Control: max-age=31536000 Expires: Fri, 11 Jul 2025 17:40:09 GMT Vary: Accept-Encoding,User-Agent X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN Permissions-Policy: geolocation=(),fullscreen=(self) Referrer-Policy: no-referrer-when-downgrade X-XSS-Protection: 1; mode=block Content-Type: image/x-icon
2024-07-11 17:40:09 UTC	5430	IN	Data Raw: 00 00 01 00 02 00 20 20 00 00 01 00 20 00 a8 10 00 00 26 00 00 00 10 10 00 00 01 00 20 00 68 04 00 00 ce 10 00 00 28 00 00 00 20 00 00 00 40 00 00 00 01 00 20 00 00 00 00 00 80 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 35 09 e3 01 35 09 e3 20 35 09 e3 73 35 09 e3 c4 35 09 e3 a6 35 09 e3 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: & h( @ 55 5s5558

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
60	192.168.2.4	49847	172.217.18.2	443	2252	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-11 17:40:09 UTC	3052	OUT	GET /pagead/interaction/?ai=CP6Gn8hiQZvaxBOOMjuwP06Sd8AKgkpCceJbpje3KEsTChYOzQhABIKfewCpgyQagAcv48eYCyAECqAMByAPJBKoE5wFP0AvnF8je12xQ9XcDyGGAGMGaKBLst-6_m3CSwVD8UKF53xbETwktTg5VjDYfmMqPw-l5i_fHWtsmcLfYEYNxLHW0Nk2Vd5LguWIZrL4b0cxIx5kmBjooZdtmDvtBcxncwBAgexh_fiQHh3eOv3ScqPh2cPzvKhVVTd_2ElKYg9cAj-Ui-JVEGaVbxClqsmgHxtB1Z-z5hbMrqDWllcIhVjXI8hB3yVpx3wFkRua-ytGDDVsLiPEWfqJC1OFHajovxQQ0VcXSfYZwCUCxnjtkrSIYJbEmOdx-oe_y2HEbQNOGmLwpDmHABIyA167aBIgFxOXE1E6gBgKAB52HjpkBqAfZtrECqAfVyRuoB6a-G6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6--sQKoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH4L2xAqgH_56xAqgH35-xAqgHyqmxAqgH66WxAqgH6rGxAqgHmbWxAqgHvrexAqgH-MKxAqgH-8KxAtgHAdIIJgiA4YBgEAEYHzICywI6CYBAgMCAgICgKEi9_cE6WODUjoXEn4cDsQlg6CR0SwaUbYAKAZgLAcgLAdoMEQoLEPCGlPvezJuo7AESAgEDqg0CVVPIDQHYEwzQFQH4FgGAFwGyGAUYAiIBAOgYAQ&sigh=BQT1J-br5HY&cid=CAQSTwDaQooLfXSvAwYlxgfF3yqRZiIN8qnU0U4GHr7Fzr9-FbUqS5kdmb0SE1rEIbLQQL1KdWEuTE1j7kOVhaJbWfbgvYNjwjytjCiN0OwplVI&label=window_focus&gqid=8hiQZvbpA_CTjuwP44esoA0&qqid=CPbyjoXEn4cDFWOGgwcdU1IHLg&fg=1 HTTP/1.1 Host: googleads.g.doubleclick.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7659414764356284&output=html&h=280&slotname=4885406380&adk=3369854836&adf=3132389021&pi=t.ma~as.4885406380&w=930&abgtt=3&fwrn=4&fwrnh=100&lmt=1720153543&rafmt=1&format=930x280&url=https%3A%2F%2Fwww.burnaware.com%2Fafter-install.html&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE3LjAuNTkzOC4xMzIiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjExNy4wLjU5MzguMTMyIl0sWyJOb3Q7QT1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTE3LjAuNTkzOC4xMzIiXV0sMF0.&dt=1720719598792&bpp=4&bdt=2944&idt=1496&shv=r20240709&mjsv=m202407080101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&correlator=139266055133&frm=20&pv=2&ga_vid=2144220585.1720719599&ga_sid=1720719600&ga_hid=904098654&ga_fc=1&u_tz=-240&u_his=1&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&dmc=8&adx=44&ady=758&biw=1017&bih=870&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31085139%2C44795922%2C95334508%2C95334526%2C95334828%2C31078663%2C310 [TRUNCATED] Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: IDE=AHWqTUl_KDeCNIgPcabcAP4LjdzVVDepa01pyB2qsWtC_zOcD9h7soQMcx9cqzFCK9w; DSID=NO_DATA
2024-07-11 17:40:09 UTC	625	IN	HTTP/1.1 200 OK P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" Timing-Allow-Origin: * Cross-Origin-Resource-Policy: cross-origin Date: Thu, 11 Jul 2024 17:40:09 GMT Pragma: no-cache Expires: Fri, 01 Jan 1990 00:00:00 GMT Cache-Control: no-cache, must-revalidate Access-Control-Allow-Origin: * Content-Type: text/html; charset=UTF-8 X-Content-Type-Options: nosniff Server: cafe Content-Length: 0 X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
61	192.168.2.4	49848	172.217.18.2	443	2252	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-11 17:40:09 UTC	3018	OUT	GET /pagead/interaction/?ai=Cu5J98hiQZvKbAquT1PIPs-uWgAHtxLb8eJCu5oqVE6idiedHEAEgp97AKmDJBqAB0v6XmQPIAQKoAwHIA8kEqgTPAU_QXiTzLwLGxXj59LNIeOIN1KbK3FLLM2_7j5f4vr9TOnAG46NIUNVSnnAFqFZphvLEBgBZzORhxvSdQp4mYlLJ0Ix9o6CZrfWTtTkgxgML1Dfc6fa-sCbJQDQynRaCSqFiyqnILgfHGJX-oCWBtObB7LneES7W0TEiFBtNcF8QSpQGu3JqJDUMoSpn7knoUgAC2wNR909edM-6ch6h1nzvyWabFu9kM4hR5yluMP49NP6ImwNONgUMUZsKbguTnLVuvLu2F9AS3b8G9hq7wMAEt4_u6q0EiAWL5NvKS6AGAoAHloHoZqgH2baxAqgH1ckbqAemvhuoB47OG6gHk9gbqAfulrECqAf-nrECqAevvrECqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB-C9sQKoB_-esQKoB9-fsQKoB8qpsQKoB-ulsQKoB-qxsQKoB5m1sQKoB763sQKoB_jCsQKoB_vCsQLYBwHSCCYIgOGAYBABGB8yAssCOgmAQIDAgICAoChIvf3BOljZt4yFxJ-HA7EJ5WIFqJlhtieACgGYCwHICwHaDBEKCxCwkd-Y7sW_oqEBEgIBA6oNAlVTyA0B2BMM0BUBmBYB-BYBgBcBshgJEgKwUxgCIgEA6BgB&sigh=h6IJ0EUoVko&cid=CAQSTwDaQooLmU4THGgNQW2rnbpPvCIcB7LJEGZ6utOyMZS9oIML7lIBifn8BAsW8IS0Z7aMU5O6n_duwdtpjoqAxldnEFaGNIPllzAuIJMGkLE&label=window_focus&gqid=8hiQZs7MAferjuwPt7ugmAE&qqid=CPLcjIXEn4cDFasJVQgds7UFEA&fg=1 HTTP/1.1 Host: googleads.g.doubleclick.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7659414764356284&output=html&h=280&slotname=1141602494&adk=1033356805&adf=3132389021&pi=t.ma~as.1141602494&w=930&abgtt=3&fwrn=4&fwrnh=100&lmt=1720442382&rafmt=1&format=930x280&url=https%3A%2F%2Fwww.burnaware.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE3LjAuNTkzOC4xMzIiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjExNy4wLjU5MzguMTMyIl0sWyJOb3Q7QT1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTE3LjAuNTkzOC4xMzIiXV0sMF0.&dt=1720719598740&bpp=5&bdt=514&idt=1554&shv=r20240709&mjsv=m202407080101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&correlator=8080801241025&frm=20&pv=2&ga_vid=2144220585.1720719599&ga_sid=1720719600&ga_hid=1775643552&ga_fc=1&u_tz=-240&u_his=1&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&dmc=8&adx=44&ady=997&biw=1017&bih=870&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C95334511%2C95334525%2C95334578%2C95334828%2C95337195%2C31078663%2C31078665%2C31078668% [TRUNCATED] Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: IDE=AHWqTUl_KDeCNIgPcabcAP4LjdzVVDepa01pyB2qsWtC_zOcD9h7soQMcx9cqzFCK9w; DSID=NO_DATA
2024-07-11 17:40:09 UTC	625	IN	HTTP/1.1 200 OK P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" Timing-Allow-Origin: * Cross-Origin-Resource-Policy: cross-origin Date: Thu, 11 Jul 2024 17:40:09 GMT Pragma: no-cache Expires: Fri, 01 Jan 1990 00:00:00 GMT Cache-Control: no-cache, must-revalidate Access-Control-Allow-Origin: * Content-Type: text/html; charset=UTF-8 X-Content-Type-Options: nosniff Server: cafe Content-Length: 0 X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
62	192.168.2.4	49853	172.217.18.2	443	2252	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-11 17:40:10 UTC	1543	OUT	GET /pagead/interaction/?ai=CP6Gn8hiQZvaxBOOMjuwP06Sd8AKgkpCceJbpje3KEsTChYOzQhABIKfewCpgyQagAcv48eYCyAECqAMByAPJBKoE5wFP0AvnF8je12xQ9XcDyGGAGMGaKBLst-6_m3CSwVD8UKF53xbETwktTg5VjDYfmMqPw-l5i_fHWtsmcLfYEYNxLHW0Nk2Vd5LguWIZrL4b0cxIx5kmBjooZdtmDvtBcxncwBAgexh_fiQHh3eOv3ScqPh2cPzvKhVVTd_2ElKYg9cAj-Ui-JVEGaVbxClqsmgHxtB1Z-z5hbMrqDWllcIhVjXI8hB3yVpx3wFkRua-ytGDDVsLiPEWfqJC1OFHajovxQQ0VcXSfYZwCUCxnjtkrSIYJbEmOdx-oe_y2HEbQNOGmLwpDmHABIyA167aBIgFxOXE1E6gBgKAB52HjpkBqAfZtrECqAfVyRuoB6a-G6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6--sQKoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH4L2xAqgH_56xAqgH35-xAqgHyqmxAqgH66WxAqgH6rGxAqgHmbWxAqgHvrexAqgH-MKxAqgH-8KxAtgHAdIIJgiA4YBgEAEYHzICywI6CYBAgMCAgICgKEi9_cE6WODUjoXEn4cDsQlg6CR0SwaUbYAKAZgLAcgLAdoMEQoLEPCGlPvezJuo7AESAgEDqg0CVVPIDQHYEwzQFQH4FgGAFwGyGAUYAiIBAOgYAQ&sigh=BQT1J-br5HY&cid=CAQSTwDaQooLfXSvAwYlxgfF3yqRZiIN8qnU0U4GHr7Fzr9-FbUqS5kdmb0SE1rEIbLQQL1KdWEuTE1j7kOVhaJbWfbgvYNjwjytjCiN0OwplVI&label=window_focus&gqid=8hiQZvbpA_CTjuwP44esoA0&qqid=CPbyjoXEn4cDFWOGgwcdU1IHLg&fg=1 HTTP/1.1 Host: googleads.g.doubleclick.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: IDE=AHWqTUl_KDeCNIgPcabcAP4LjdzVVDepa01pyB2qsWtC_zOcD9h7soQMcx9cqzFCK9w; DSID=NO_DATA
2024-07-11 17:40:10 UTC	625	IN	HTTP/1.1 200 OK P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" Timing-Allow-Origin: * Cross-Origin-Resource-Policy: cross-origin Date: Thu, 11 Jul 2024 17:40:10 GMT Pragma: no-cache Expires: Fri, 01 Jan 1990 00:00:00 GMT Cache-Control: no-cache, must-revalidate Access-Control-Allow-Origin: * Content-Type: text/html; charset=UTF-8 X-Content-Type-Options: nosniff Server: cafe Content-Length: 0 X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
63	192.168.2.4	49852	172.217.18.2	443	2252	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-11 17:40:10 UTC	1517	OUT	GET /pagead/interaction/?ai=Cu5J98hiQZvKbAquT1PIPs-uWgAHtxLb8eJCu5oqVE6idiedHEAEgp97AKmDJBqAB0v6XmQPIAQKoAwHIA8kEqgTPAU_QXiTzLwLGxXj59LNIeOIN1KbK3FLLM2_7j5f4vr9TOnAG46NIUNVSnnAFqFZphvLEBgBZzORhxvSdQp4mYlLJ0Ix9o6CZrfWTtTkgxgML1Dfc6fa-sCbJQDQynRaCSqFiyqnILgfHGJX-oCWBtObB7LneES7W0TEiFBtNcF8QSpQGu3JqJDUMoSpn7knoUgAC2wNR909edM-6ch6h1nzvyWabFu9kM4hR5yluMP49NP6ImwNONgUMUZsKbguTnLVuvLu2F9AS3b8G9hq7wMAEt4_u6q0EiAWL5NvKS6AGAoAHloHoZqgH2baxAqgH1ckbqAemvhuoB47OG6gHk9gbqAfulrECqAf-nrECqAevvrECqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB-C9sQKoB_-esQKoB9-fsQKoB8qpsQKoB-ulsQKoB-qxsQKoB5m1sQKoB763sQKoB_jCsQKoB_vCsQLYBwHSCCYIgOGAYBABGB8yAssCOgmAQIDAgICAoChIvf3BOljZt4yFxJ-HA7EJ5WIFqJlhtieACgGYCwHICwHaDBEKCxCwkd-Y7sW_oqEBEgIBA6oNAlVTyA0B2BMM0BUBmBYB-BYBgBcBshgJEgKwUxgCIgEA6BgB&sigh=h6IJ0EUoVko&cid=CAQSTwDaQooLmU4THGgNQW2rnbpPvCIcB7LJEGZ6utOyMZS9oIML7lIBifn8BAsW8IS0Z7aMU5O6n_duwdtpjoqAxldnEFaGNIPllzAuIJMGkLE&label=window_focus&gqid=8hiQZs7MAferjuwPt7ugmAE&qqid=CPLcjIXEn4cDFasJVQgds7UFEA&fg=1 HTTP/1.1 Host: googleads.g.doubleclick.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: IDE=AHWqTUl_KDeCNIgPcabcAP4LjdzVVDepa01pyB2qsWtC_zOcD9h7soQMcx9cqzFCK9w; DSID=NO_DATA
2024-07-11 17:40:10 UTC	625	IN	HTTP/1.1 200 OK P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" Timing-Allow-Origin: * Cross-Origin-Resource-Policy: cross-origin Date: Thu, 11 Jul 2024 17:40:10 GMT Pragma: no-cache Expires: Fri, 01 Jan 1990 00:00:00 GMT Cache-Control: no-cache, must-revalidate Access-Control-Allow-Origin: * Content-Type: text/html; charset=UTF-8 X-Content-Type-Options: nosniff Server: cafe Content-Length: 0 X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
64	192.168.2.4	49856	142.250.186.68	443	2252	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-11 17:40:10 UTC	796	OUT	GET /recaptcha/api2/aframe HTTP/1.1 Host: www.google.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: iframe Referer: https://www.burnaware.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-11 17:40:11 UTC	847	IN	HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Embedder-Policy: require-corp Report-To: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} Expires: Thu, 11 Jul 2024 17:40:11 GMT Date: Thu, 11 Jul 2024 17:40:11 GMT Cache-Control: private, max-age=300 Content-Security-Policy: script-src 'report-sample' 'nonce-W8t17d_2VnJO32tKcuuxTA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1 X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block Server: GSE Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-07-11 17:40:11 UTC	543	IN	Data Raw: 33 33 64 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 73 63 72 69 70 74 20 6e 6f 6e 63 65 3d 22 57 38 74 31 37 64 5f 32 56 6e 4a 4f 33 32 74 4b 63 75 75 78 54 41 22 3e 2f 2a 2a 20 41 6e 74 69 2d 66 72 61 75 64 20 61 6e 64 20 61 6e 74 69 2d 61 62 75 73 65 20 61 70 70 6c 69 63 61 74 69 6f 6e 73 20 6f 6e 6c 79 2e 20 53 65 65 20 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 72 65 63 61 70 74 63 68 61 20 2a 2f 20 74 72 79 7b 76 61 72 20 63 6c 69 65 6e 74 73 3d 7b 27 73 6f 64 61 72 27 3a 27 68 Data Ascii: 33d<!DOCTYPE HTML><html><head><meta http-equiv="content-type" content="text/html; charset=UTF-8"></head><body><script nonce="W8t17d_2VnJO32tKcuuxTA">/** Anti-fraud and anti-abuse applications only. See google.com/recaptcha */ try{var clients={'sodar':'h
2024-07-11 17:40:11 UTC	293	IN	Data Raw: 74 6f 72 61 67 65 2e 67 65 74 49 74 65 6d 28 22 72 63 3a 3a 62 22 29 3a 22 22 29 3b 77 69 6e 64 6f 77 2e 64 6f 63 75 6d 65 6e 74 2e 62 6f 64 79 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 64 29 3b 73 65 73 73 69 6f 6e 53 74 6f 72 61 67 65 2e 73 65 74 49 74 65 6d 28 22 72 63 3a 3a 65 22 2c 70 61 72 73 65 49 6e 74 28 73 65 73 73 69 6f 6e 53 74 6f 72 61 67 65 2e 67 65 74 49 74 65 6d 28 22 72 63 3a 3a 65 22 29 7c 7c 30 29 2b 31 29 3b 6c 6f 63 61 6c 53 74 6f 72 61 67 65 2e 73 65 74 49 74 65 6d 28 22 72 63 3a 3a 68 22 2c 27 31 37 32 30 37 31 39 36 31 31 30 31 30 27 29 3b 7d 7d 7d 63 61 74 63 68 28 62 29 7b 7d 7d 29 3b 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 2e 70 6f 73 74 4d 65 73 73 61 67 65 28 22 5f 67 72 65 63 61 70 74 63 68 61 5f 72 65 61 64 79 22 2c 20 22 2a 22 Data Ascii: torage.getItem("rc::b"):"");window.document.body.appendChild(d);sessionStorage.setItem("rc::e",parseInt(sessionStorage.getItem("rc::e")\|\|0)+1);localStorage.setItem("rc::h",'1720719611010');}}}catch(b){}});window.parent.postMessage("_grecaptcha_ready", "*"
2024-07-11 17:40:11 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
65	192.168.2.4	49861	172.217.18.2	443	2252	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-11 17:40:13 UTC	3052	OUT	GET /pagead/interaction/?ai=CP6Gn8hiQZvaxBOOMjuwP06Sd8AKgkpCceJbpje3KEsTChYOzQhABIKfewCpgyQagAcv48eYCyAECqAMByAPJBKoE5wFP0AvnF8je12xQ9XcDyGGAGMGaKBLst-6_m3CSwVD8UKF53xbETwktTg5VjDYfmMqPw-l5i_fHWtsmcLfYEYNxLHW0Nk2Vd5LguWIZrL4b0cxIx5kmBjooZdtmDvtBcxncwBAgexh_fiQHh3eOv3ScqPh2cPzvKhVVTd_2ElKYg9cAj-Ui-JVEGaVbxClqsmgHxtB1Z-z5hbMrqDWllcIhVjXI8hB3yVpx3wFkRua-ytGDDVsLiPEWfqJC1OFHajovxQQ0VcXSfYZwCUCxnjtkrSIYJbEmOdx-oe_y2HEbQNOGmLwpDmHABIyA167aBIgFxOXE1E6gBgKAB52HjpkBqAfZtrECqAfVyRuoB6a-G6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6--sQKoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH4L2xAqgH_56xAqgH35-xAqgHyqmxAqgH66WxAqgH6rGxAqgHmbWxAqgHvrexAqgH-MKxAqgH-8KxAtgHAdIIJgiA4YBgEAEYHzICywI6CYBAgMCAgICgKEi9_cE6WODUjoXEn4cDsQlg6CR0SwaUbYAKAZgLAcgLAdoMEQoLEPCGlPvezJuo7AESAgEDqg0CVVPIDQHYEwzQFQH4FgGAFwGyGAUYAiIBAOgYAQ&sigh=BQT1J-br5HY&cid=CAQSTwDaQooLfXSvAwYlxgfF3yqRZiIN8qnU0U4GHr7Fzr9-FbUqS5kdmb0SE1rEIbLQQL1KdWEuTE1j7kOVhaJbWfbgvYNjwjytjCiN0OwplVI&label=window_focus&gqid=8hiQZvbpA_CTjuwP44esoA0&qqid=CPbyjoXEn4cDFWOGgwcdU1IHLg&fg=1 HTTP/1.1 Host: googleads.g.doubleclick.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7659414764356284&output=html&h=280&slotname=4885406380&adk=3369854836&adf=3132389021&pi=t.ma~as.4885406380&w=930&abgtt=3&fwrn=4&fwrnh=100&lmt=1720153543&rafmt=1&format=930x280&url=https%3A%2F%2Fwww.burnaware.com%2Fafter-install.html&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE3LjAuNTkzOC4xMzIiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjExNy4wLjU5MzguMTMyIl0sWyJOb3Q7QT1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTE3LjAuNTkzOC4xMzIiXV0sMF0.&dt=1720719598792&bpp=4&bdt=2944&idt=1496&shv=r20240709&mjsv=m202407080101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&correlator=139266055133&frm=20&pv=2&ga_vid=2144220585.1720719599&ga_sid=1720719600&ga_hid=904098654&ga_fc=1&u_tz=-240&u_his=1&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&dmc=8&adx=44&ady=758&biw=1017&bih=870&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31085139%2C44795922%2C95334508%2C95334526%2C95334828%2C31078663%2C310 [TRUNCATED] Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: IDE=AHWqTUl_KDeCNIgPcabcAP4LjdzVVDepa01pyB2qsWtC_zOcD9h7soQMcx9cqzFCK9w; DSID=NO_DATA
2024-07-11 17:40:13 UTC	625	IN	HTTP/1.1 200 OK P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" Timing-Allow-Origin: * Cross-Origin-Resource-Policy: cross-origin Date: Thu, 11 Jul 2024 17:40:13 GMT Pragma: no-cache Expires: Fri, 01 Jan 1990 00:00:00 GMT Cache-Control: no-cache, must-revalidate Access-Control-Allow-Origin: * Content-Type: text/html; charset=UTF-8 X-Content-Type-Options: nosniff Server: cafe Content-Length: 0 X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
66	192.168.2.4	49862	172.217.18.2	443	2252	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-11 17:40:13 UTC	3018	OUT	GET /pagead/interaction/?ai=Cu5J98hiQZvKbAquT1PIPs-uWgAHtxLb8eJCu5oqVE6idiedHEAEgp97AKmDJBqAB0v6XmQPIAQKoAwHIA8kEqgTPAU_QXiTzLwLGxXj59LNIeOIN1KbK3FLLM2_7j5f4vr9TOnAG46NIUNVSnnAFqFZphvLEBgBZzORhxvSdQp4mYlLJ0Ix9o6CZrfWTtTkgxgML1Dfc6fa-sCbJQDQynRaCSqFiyqnILgfHGJX-oCWBtObB7LneES7W0TEiFBtNcF8QSpQGu3JqJDUMoSpn7knoUgAC2wNR909edM-6ch6h1nzvyWabFu9kM4hR5yluMP49NP6ImwNONgUMUZsKbguTnLVuvLu2F9AS3b8G9hq7wMAEt4_u6q0EiAWL5NvKS6AGAoAHloHoZqgH2baxAqgH1ckbqAemvhuoB47OG6gHk9gbqAfulrECqAf-nrECqAevvrECqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB-C9sQKoB_-esQKoB9-fsQKoB8qpsQKoB-ulsQKoB-qxsQKoB5m1sQKoB763sQKoB_jCsQKoB_vCsQLYBwHSCCYIgOGAYBABGB8yAssCOgmAQIDAgICAoChIvf3BOljZt4yFxJ-HA7EJ5WIFqJlhtieACgGYCwHICwHaDBEKCxCwkd-Y7sW_oqEBEgIBA6oNAlVTyA0B2BMM0BUBmBYB-BYBgBcBshgJEgKwUxgCIgEA6BgB&sigh=h6IJ0EUoVko&cid=CAQSTwDaQooLmU4THGgNQW2rnbpPvCIcB7LJEGZ6utOyMZS9oIML7lIBifn8BAsW8IS0Z7aMU5O6n_duwdtpjoqAxldnEFaGNIPllzAuIJMGkLE&label=window_focus&gqid=8hiQZs7MAferjuwPt7ugmAE&qqid=CPLcjIXEn4cDFasJVQgds7UFEA&fg=1 HTTP/1.1 Host: googleads.g.doubleclick.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7659414764356284&output=html&h=280&slotname=1141602494&adk=1033356805&adf=3132389021&pi=t.ma~as.1141602494&w=930&abgtt=3&fwrn=4&fwrnh=100&lmt=1720442382&rafmt=1&format=930x280&url=https%3A%2F%2Fwww.burnaware.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE3LjAuNTkzOC4xMzIiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjExNy4wLjU5MzguMTMyIl0sWyJOb3Q7QT1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTE3LjAuNTkzOC4xMzIiXV0sMF0.&dt=1720719598740&bpp=5&bdt=514&idt=1554&shv=r20240709&mjsv=m202407080101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&correlator=8080801241025&frm=20&pv=2&ga_vid=2144220585.1720719599&ga_sid=1720719600&ga_hid=1775643552&ga_fc=1&u_tz=-240&u_his=1&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&dmc=8&adx=44&ady=997&biw=1017&bih=870&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C95334511%2C95334525%2C95334578%2C95334828%2C95337195%2C31078663%2C31078665%2C31078668% [TRUNCATED] Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: IDE=AHWqTUl_KDeCNIgPcabcAP4LjdzVVDepa01pyB2qsWtC_zOcD9h7soQMcx9cqzFCK9w; DSID=NO_DATA
2024-07-11 17:40:13 UTC	625	IN	HTTP/1.1 200 OK P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" Timing-Allow-Origin: * Cross-Origin-Resource-Policy: cross-origin Date: Thu, 11 Jul 2024 17:40:13 GMT Pragma: no-cache Expires: Fri, 01 Jan 1990 00:00:00 GMT Cache-Control: no-cache, must-revalidate Access-Control-Allow-Origin: * Content-Type: text/html; charset=UTF-8 X-Content-Type-Options: nosniff Server: cafe Content-Length: 0 X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
67	192.168.2.4	49867	172.217.18.2	443	2252	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-11 17:40:16 UTC	1543	OUT	GET /pagead/interaction/?ai=CP6Gn8hiQZvaxBOOMjuwP06Sd8AKgkpCceJbpje3KEsTChYOzQhABIKfewCpgyQagAcv48eYCyAECqAMByAPJBKoE5wFP0AvnF8je12xQ9XcDyGGAGMGaKBLst-6_m3CSwVD8UKF53xbETwktTg5VjDYfmMqPw-l5i_fHWtsmcLfYEYNxLHW0Nk2Vd5LguWIZrL4b0cxIx5kmBjooZdtmDvtBcxncwBAgexh_fiQHh3eOv3ScqPh2cPzvKhVVTd_2ElKYg9cAj-Ui-JVEGaVbxClqsmgHxtB1Z-z5hbMrqDWllcIhVjXI8hB3yVpx3wFkRua-ytGDDVsLiPEWfqJC1OFHajovxQQ0VcXSfYZwCUCxnjtkrSIYJbEmOdx-oe_y2HEbQNOGmLwpDmHABIyA167aBIgFxOXE1E6gBgKAB52HjpkBqAfZtrECqAfVyRuoB6a-G6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6--sQKoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH4L2xAqgH_56xAqgH35-xAqgHyqmxAqgH66WxAqgH6rGxAqgHmbWxAqgHvrexAqgH-MKxAqgH-8KxAtgHAdIIJgiA4YBgEAEYHzICywI6CYBAgMCAgICgKEi9_cE6WODUjoXEn4cDsQlg6CR0SwaUbYAKAZgLAcgLAdoMEQoLEPCGlPvezJuo7AESAgEDqg0CVVPIDQHYEwzQFQH4FgGAFwGyGAUYAiIBAOgYAQ&sigh=BQT1J-br5HY&cid=CAQSTwDaQooLfXSvAwYlxgfF3yqRZiIN8qnU0U4GHr7Fzr9-FbUqS5kdmb0SE1rEIbLQQL1KdWEuTE1j7kOVhaJbWfbgvYNjwjytjCiN0OwplVI&label=window_focus&gqid=8hiQZvbpA_CTjuwP44esoA0&qqid=CPbyjoXEn4cDFWOGgwcdU1IHLg&fg=1 HTTP/1.1 Host: googleads.g.doubleclick.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: IDE=AHWqTUl_KDeCNIgPcabcAP4LjdzVVDepa01pyB2qsWtC_zOcD9h7soQMcx9cqzFCK9w; DSID=NO_DATA
2024-07-11 17:40:16 UTC	625	IN	HTTP/1.1 200 OK P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" Timing-Allow-Origin: * Cross-Origin-Resource-Policy: cross-origin Date: Thu, 11 Jul 2024 17:40:16 GMT Pragma: no-cache Expires: Fri, 01 Jan 1990 00:00:00 GMT Cache-Control: no-cache, must-revalidate Access-Control-Allow-Origin: * Content-Type: text/html; charset=UTF-8 X-Content-Type-Options: nosniff Server: cafe Content-Length: 0 X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
68	192.168.2.4	49866	172.217.18.2	443	2252	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-11 17:40:16 UTC	1517	OUT	GET /pagead/interaction/?ai=Cu5J98hiQZvKbAquT1PIPs-uWgAHtxLb8eJCu5oqVE6idiedHEAEgp97AKmDJBqAB0v6XmQPIAQKoAwHIA8kEqgTPAU_QXiTzLwLGxXj59LNIeOIN1KbK3FLLM2_7j5f4vr9TOnAG46NIUNVSnnAFqFZphvLEBgBZzORhxvSdQp4mYlLJ0Ix9o6CZrfWTtTkgxgML1Dfc6fa-sCbJQDQynRaCSqFiyqnILgfHGJX-oCWBtObB7LneES7W0TEiFBtNcF8QSpQGu3JqJDUMoSpn7knoUgAC2wNR909edM-6ch6h1nzvyWabFu9kM4hR5yluMP49NP6ImwNONgUMUZsKbguTnLVuvLu2F9AS3b8G9hq7wMAEt4_u6q0EiAWL5NvKS6AGAoAHloHoZqgH2baxAqgH1ckbqAemvhuoB47OG6gHk9gbqAfulrECqAf-nrECqAevvrECqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB-C9sQKoB_-esQKoB9-fsQKoB8qpsQKoB-ulsQKoB-qxsQKoB5m1sQKoB763sQKoB_jCsQKoB_vCsQLYBwHSCCYIgOGAYBABGB8yAssCOgmAQIDAgICAoChIvf3BOljZt4yFxJ-HA7EJ5WIFqJlhtieACgGYCwHICwHaDBEKCxCwkd-Y7sW_oqEBEgIBA6oNAlVTyA0B2BMM0BUBmBYB-BYBgBcBshgJEgKwUxgCIgEA6BgB&sigh=h6IJ0EUoVko&cid=CAQSTwDaQooLmU4THGgNQW2rnbpPvCIcB7LJEGZ6utOyMZS9oIML7lIBifn8BAsW8IS0Z7aMU5O6n_duwdtpjoqAxldnEFaGNIPllzAuIJMGkLE&label=window_focus&gqid=8hiQZs7MAferjuwPt7ugmAE&qqid=CPLcjIXEn4cDFasJVQgds7UFEA&fg=1 HTTP/1.1 Host: googleads.g.doubleclick.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: IDE=AHWqTUl_KDeCNIgPcabcAP4LjdzVVDepa01pyB2qsWtC_zOcD9h7soQMcx9cqzFCK9w; DSID=NO_DATA
2024-07-11 17:40:16 UTC	625	IN	HTTP/1.1 200 OK P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" Timing-Allow-Origin: * Cross-Origin-Resource-Policy: cross-origin Date: Thu, 11 Jul 2024 17:40:16 GMT Pragma: no-cache Expires: Fri, 01 Jan 1990 00:00:00 GMT Cache-Control: no-cache, must-revalidate Access-Control-Allow-Origin: * Content-Type: text/html; charset=UTF-8 X-Content-Type-Options: nosniff Server: cafe Content-Length: 0 X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
69	192.168.2.4	49868	172.217.18.2	443	2252	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-11 17:40:19 UTC	3052	OUT	GET /pagead/interaction/?ai=CP6Gn8hiQZvaxBOOMjuwP06Sd8AKgkpCceJbpje3KEsTChYOzQhABIKfewCpgyQagAcv48eYCyAECqAMByAPJBKoE5wFP0AvnF8je12xQ9XcDyGGAGMGaKBLst-6_m3CSwVD8UKF53xbETwktTg5VjDYfmMqPw-l5i_fHWtsmcLfYEYNxLHW0Nk2Vd5LguWIZrL4b0cxIx5kmBjooZdtmDvtBcxncwBAgexh_fiQHh3eOv3ScqPh2cPzvKhVVTd_2ElKYg9cAj-Ui-JVEGaVbxClqsmgHxtB1Z-z5hbMrqDWllcIhVjXI8hB3yVpx3wFkRua-ytGDDVsLiPEWfqJC1OFHajovxQQ0VcXSfYZwCUCxnjtkrSIYJbEmOdx-oe_y2HEbQNOGmLwpDmHABIyA167aBIgFxOXE1E6gBgKAB52HjpkBqAfZtrECqAfVyRuoB6a-G6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6--sQKoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH4L2xAqgH_56xAqgH35-xAqgHyqmxAqgH66WxAqgH6rGxAqgHmbWxAqgHvrexAqgH-MKxAqgH-8KxAtgHAdIIJgiA4YBgEAEYHzICywI6CYBAgMCAgICgKEi9_cE6WODUjoXEn4cDsQlg6CR0SwaUbYAKAZgLAcgLAdoMEQoLEPCGlPvezJuo7AESAgEDqg0CVVPIDQHYEwzQFQH4FgGAFwGyGAUYAiIBAOgYAQ&sigh=BQT1J-br5HY&cid=CAQSTwDaQooLfXSvAwYlxgfF3yqRZiIN8qnU0U4GHr7Fzr9-FbUqS5kdmb0SE1rEIbLQQL1KdWEuTE1j7kOVhaJbWfbgvYNjwjytjCiN0OwplVI&label=window_focus&gqid=8hiQZvbpA_CTjuwP44esoA0&qqid=CPbyjoXEn4cDFWOGgwcdU1IHLg&fg=1 HTTP/1.1 Host: googleads.g.doubleclick.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7659414764356284&output=html&h=280&slotname=4885406380&adk=3369854836&adf=3132389021&pi=t.ma~as.4885406380&w=930&abgtt=3&fwrn=4&fwrnh=100&lmt=1720153543&rafmt=1&format=930x280&url=https%3A%2F%2Fwww.burnaware.com%2Fafter-install.html&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE3LjAuNTkzOC4xMzIiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjExNy4wLjU5MzguMTMyIl0sWyJOb3Q7QT1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTE3LjAuNTkzOC4xMzIiXV0sMF0.&dt=1720719598792&bpp=4&bdt=2944&idt=1496&shv=r20240709&mjsv=m202407080101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&correlator=139266055133&frm=20&pv=2&ga_vid=2144220585.1720719599&ga_sid=1720719600&ga_hid=904098654&ga_fc=1&u_tz=-240&u_his=1&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&dmc=8&adx=44&ady=758&biw=1017&bih=870&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31085139%2C44795922%2C95334508%2C95334526%2C95334828%2C31078663%2C310 [TRUNCATED] Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: IDE=AHWqTUl_KDeCNIgPcabcAP4LjdzVVDepa01pyB2qsWtC_zOcD9h7soQMcx9cqzFCK9w; DSID=NO_DATA
2024-07-11 17:40:19 UTC	625	IN	HTTP/1.1 200 OK P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" Timing-Allow-Origin: * Cross-Origin-Resource-Policy: cross-origin Date: Thu, 11 Jul 2024 17:40:19 GMT Pragma: no-cache Expires: Fri, 01 Jan 1990 00:00:00 GMT Cache-Control: no-cache, must-revalidate Access-Control-Allow-Origin: * Content-Type: text/html; charset=UTF-8 X-Content-Type-Options: nosniff Server: cafe Content-Length: 0 X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
70	192.168.2.4	49869	172.217.18.2	443	2252	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-11 17:40:19 UTC	3018	OUT	GET /pagead/interaction/?ai=Cu5J98hiQZvKbAquT1PIPs-uWgAHtxLb8eJCu5oqVE6idiedHEAEgp97AKmDJBqAB0v6XmQPIAQKoAwHIA8kEqgTPAU_QXiTzLwLGxXj59LNIeOIN1KbK3FLLM2_7j5f4vr9TOnAG46NIUNVSnnAFqFZphvLEBgBZzORhxvSdQp4mYlLJ0Ix9o6CZrfWTtTkgxgML1Dfc6fa-sCbJQDQynRaCSqFiyqnILgfHGJX-oCWBtObB7LneES7W0TEiFBtNcF8QSpQGu3JqJDUMoSpn7knoUgAC2wNR909edM-6ch6h1nzvyWabFu9kM4hR5yluMP49NP6ImwNONgUMUZsKbguTnLVuvLu2F9AS3b8G9hq7wMAEt4_u6q0EiAWL5NvKS6AGAoAHloHoZqgH2baxAqgH1ckbqAemvhuoB47OG6gHk9gbqAfulrECqAf-nrECqAevvrECqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB-C9sQKoB_-esQKoB9-fsQKoB8qpsQKoB-ulsQKoB-qxsQKoB5m1sQKoB763sQKoB_jCsQKoB_vCsQLYBwHSCCYIgOGAYBABGB8yAssCOgmAQIDAgICAoChIvf3BOljZt4yFxJ-HA7EJ5WIFqJlhtieACgGYCwHICwHaDBEKCxCwkd-Y7sW_oqEBEgIBA6oNAlVTyA0B2BMM0BUBmBYB-BYBgBcBshgJEgKwUxgCIgEA6BgB&sigh=h6IJ0EUoVko&cid=CAQSTwDaQooLmU4THGgNQW2rnbpPvCIcB7LJEGZ6utOyMZS9oIML7lIBifn8BAsW8IS0Z7aMU5O6n_duwdtpjoqAxldnEFaGNIPllzAuIJMGkLE&label=window_focus&gqid=8hiQZs7MAferjuwPt7ugmAE&qqid=CPLcjIXEn4cDFasJVQgds7UFEA&fg=1 HTTP/1.1 Host: googleads.g.doubleclick.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7659414764356284&output=html&h=280&slotname=1141602494&adk=1033356805&adf=3132389021&pi=t.ma~as.1141602494&w=930&abgtt=3&fwrn=4&fwrnh=100&lmt=1720442382&rafmt=1&format=930x280&url=https%3A%2F%2Fwww.burnaware.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE3LjAuNTkzOC4xMzIiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjExNy4wLjU5MzguMTMyIl0sWyJOb3Q7QT1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTE3LjAuNTkzOC4xMzIiXV0sMF0.&dt=1720719598740&bpp=5&bdt=514&idt=1554&shv=r20240709&mjsv=m202407080101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&correlator=8080801241025&frm=20&pv=2&ga_vid=2144220585.1720719599&ga_sid=1720719600&ga_hid=1775643552&ga_fc=1&u_tz=-240&u_his=1&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&dmc=8&adx=44&ady=997&biw=1017&bih=870&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C95334511%2C95334525%2C95334578%2C95334828%2C95337195%2C31078663%2C31078665%2C31078668% [TRUNCATED] Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: IDE=AHWqTUl_KDeCNIgPcabcAP4LjdzVVDepa01pyB2qsWtC_zOcD9h7soQMcx9cqzFCK9w; DSID=NO_DATA
2024-07-11 17:40:19 UTC	625	IN	HTTP/1.1 200 OK P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" Timing-Allow-Origin: * Cross-Origin-Resource-Policy: cross-origin Date: Thu, 11 Jul 2024 17:40:19 GMT Pragma: no-cache Expires: Fri, 01 Jan 1990 00:00:00 GMT Cache-Control: no-cache, must-revalidate Access-Control-Allow-Origin: * Content-Type: text/html; charset=UTF-8 X-Content-Type-Options: nosniff Server: cafe Content-Length: 0 X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
71	192.168.2.4	49870	172.217.18.2	443	2252	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-11 17:40:20 UTC	1543	OUT	GET /pagead/interaction/?ai=CP6Gn8hiQZvaxBOOMjuwP06Sd8AKgkpCceJbpje3KEsTChYOzQhABIKfewCpgyQagAcv48eYCyAECqAMByAPJBKoE5wFP0AvnF8je12xQ9XcDyGGAGMGaKBLst-6_m3CSwVD8UKF53xbETwktTg5VjDYfmMqPw-l5i_fHWtsmcLfYEYNxLHW0Nk2Vd5LguWIZrL4b0cxIx5kmBjooZdtmDvtBcxncwBAgexh_fiQHh3eOv3ScqPh2cPzvKhVVTd_2ElKYg9cAj-Ui-JVEGaVbxClqsmgHxtB1Z-z5hbMrqDWllcIhVjXI8hB3yVpx3wFkRua-ytGDDVsLiPEWfqJC1OFHajovxQQ0VcXSfYZwCUCxnjtkrSIYJbEmOdx-oe_y2HEbQNOGmLwpDmHABIyA167aBIgFxOXE1E6gBgKAB52HjpkBqAfZtrECqAfVyRuoB6a-G6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6--sQKoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH4L2xAqgH_56xAqgH35-xAqgHyqmxAqgH66WxAqgH6rGxAqgHmbWxAqgHvrexAqgH-MKxAqgH-8KxAtgHAdIIJgiA4YBgEAEYHzICywI6CYBAgMCAgICgKEi9_cE6WODUjoXEn4cDsQlg6CR0SwaUbYAKAZgLAcgLAdoMEQoLEPCGlPvezJuo7AESAgEDqg0CVVPIDQHYEwzQFQH4FgGAFwGyGAUYAiIBAOgYAQ&sigh=BQT1J-br5HY&cid=CAQSTwDaQooLfXSvAwYlxgfF3yqRZiIN8qnU0U4GHr7Fzr9-FbUqS5kdmb0SE1rEIbLQQL1KdWEuTE1j7kOVhaJbWfbgvYNjwjytjCiN0OwplVI&label=window_focus&gqid=8hiQZvbpA_CTjuwP44esoA0&qqid=CPbyjoXEn4cDFWOGgwcdU1IHLg&fg=1 HTTP/1.1 Host: googleads.g.doubleclick.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: IDE=AHWqTUl_KDeCNIgPcabcAP4LjdzVVDepa01pyB2qsWtC_zOcD9h7soQMcx9cqzFCK9w; DSID=NO_DATA
2024-07-11 17:40:20 UTC	625	IN	HTTP/1.1 200 OK P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" Timing-Allow-Origin: * Cross-Origin-Resource-Policy: cross-origin Date: Thu, 11 Jul 2024 17:40:20 GMT Pragma: no-cache Expires: Fri, 01 Jan 1990 00:00:00 GMT Cache-Control: no-cache, must-revalidate Access-Control-Allow-Origin: * Content-Type: text/html; charset=UTF-8 X-Content-Type-Options: nosniff Server: cafe Content-Length: 0 X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
72	192.168.2.4	49871	172.217.18.2	443	2252	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-11 17:40:20 UTC	1517	OUT	GET /pagead/interaction/?ai=Cu5J98hiQZvKbAquT1PIPs-uWgAHtxLb8eJCu5oqVE6idiedHEAEgp97AKmDJBqAB0v6XmQPIAQKoAwHIA8kEqgTPAU_QXiTzLwLGxXj59LNIeOIN1KbK3FLLM2_7j5f4vr9TOnAG46NIUNVSnnAFqFZphvLEBgBZzORhxvSdQp4mYlLJ0Ix9o6CZrfWTtTkgxgML1Dfc6fa-sCbJQDQynRaCSqFiyqnILgfHGJX-oCWBtObB7LneES7W0TEiFBtNcF8QSpQGu3JqJDUMoSpn7knoUgAC2wNR909edM-6ch6h1nzvyWabFu9kM4hR5yluMP49NP6ImwNONgUMUZsKbguTnLVuvLu2F9AS3b8G9hq7wMAEt4_u6q0EiAWL5NvKS6AGAoAHloHoZqgH2baxAqgH1ckbqAemvhuoB47OG6gHk9gbqAfulrECqAf-nrECqAevvrECqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB-C9sQKoB_-esQKoB9-fsQKoB8qpsQKoB-ulsQKoB-qxsQKoB5m1sQKoB763sQKoB_jCsQKoB_vCsQLYBwHSCCYIgOGAYBABGB8yAssCOgmAQIDAgICAoChIvf3BOljZt4yFxJ-HA7EJ5WIFqJlhtieACgGYCwHICwHaDBEKCxCwkd-Y7sW_oqEBEgIBA6oNAlVTyA0B2BMM0BUBmBYB-BYBgBcBshgJEgKwUxgCIgEA6BgB&sigh=h6IJ0EUoVko&cid=CAQSTwDaQooLmU4THGgNQW2rnbpPvCIcB7LJEGZ6utOyMZS9oIML7lIBifn8BAsW8IS0Z7aMU5O6n_duwdtpjoqAxldnEFaGNIPllzAuIJMGkLE&label=window_focus&gqid=8hiQZs7MAferjuwPt7ugmAE&qqid=CPLcjIXEn4cDFasJVQgds7UFEA&fg=1 HTTP/1.1 Host: googleads.g.doubleclick.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: IDE=AHWqTUl_KDeCNIgPcabcAP4LjdzVVDepa01pyB2qsWtC_zOcD9h7soQMcx9cqzFCK9w; DSID=NO_DATA
2024-07-11 17:40:20 UTC	625	IN	HTTP/1.1 200 OK P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" Timing-Allow-Origin: * Cross-Origin-Resource-Policy: cross-origin Date: Thu, 11 Jul 2024 17:40:20 GMT Pragma: no-cache Expires: Fri, 01 Jan 1990 00:00:00 GMT Cache-Control: no-cache, must-revalidate Access-Control-Allow-Origin: * Content-Type: text/html; charset=UTF-8 X-Content-Type-Options: nosniff Server: cafe Content-Length: 0 X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Target ID:	0
Start time:	13:39:01
Start date:	11/07/2024
Path:	C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.exe"
Imagebase:	0x400000
File size:	8'728'608 bytes
MD5 hash:	A6D83330743EDCFF48A85DFA1013FDAB
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Borland Delphi
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	13:39:01
Start date:	11/07/2024
Path:	C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\is-KJUBI.tmp\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.tmp" /SL5="$20422,8156847,189952,C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.2818.3154.4230.exe"
Imagebase:	0x400000
File size:	1'255'424 bytes
MD5 hash:	B3937B0F947BBEB9F93859803C6FD14E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Borland Delphi
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	13:39:36
Start date:	11/07/2024
Path:	C:\Users\user\AppData\Local\Temp\is-6NC9Q.tmp\BA002.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\is-6NC9Q.tmp\BA002.exe"
Imagebase:	0x400000
File size:	894'336 bytes
MD5 hash:	9AA0F5A7FBC6F7A2E6FEAF78F8E6B7D7
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	13:39:36
Start date:	11/07/2024
Path:	C:\Users\user\AppData\Local\Temp\7zSC67062FB\installer.exe
Wow64 process (32bit):	true
Commandline:	.\installer.exe
Imagebase:	0xd70000
File size:	1'626'360 bytes
MD5 hash:	4D66DE397B5BF1F085AA7046A578A34C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	13:39:36
Start date:	11/07/2024
Path:	C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\user\AppData\Local\Temp\7zSC67062FB\GenericSetup.exe
Imagebase:	0x320000
File size:	46'840 bytes
MD5 hash:	1F4C6E7D827B980005B2C9C057018BD0
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 2%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	11
Start time:	13:39:51
Start date:	11/07/2024
Path:	C:\Program Files (x86)\BurnAware Free\BurnAware.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\BurnAware Free\BurnAware.exe"
Imagebase:	0x400000
File size:	1'350'360 bytes
MD5 hash:	08E8163EBA464CB7AE6F2B3A0BE3B291
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Borland Delphi
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	12
Start time:	13:39:51
Start date:	11/07/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://www.burnaware.com/after-install.html
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	13
Start time:	13:39:52
Start date:	11/07/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=1964,i,5267843284858548281,2508834487575541351,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	14
Start time:	13:39:56
Start date:	11/07/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://www.burnaware.com/
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	15
Start time:	13:39:57
Start date:	11/07/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 --field-trial-handle=1984,i,11324425676366746094,4243451825565655753,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	16.5%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	1.8%
Total number of Nodes:	2000
Total number of Limit Nodes:	17

Executed Functions

Function 004148D4 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 81
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetVersion.KERNEL32 ref: 004148FA

Part of subcall function 004157C8: HeapCreate.KERNELBASE(00000000,00001000,00000000,00414932,00000001), ref: 004157D9
Part of subcall function 004157C8: HeapDestroy.KERNEL32 ref: 00415818

GetCommandLineA.KERNEL32 ref: 0041495A
GetStartupInfoA.KERNEL32(?), ref: 00414985
GetModuleHandleA.KERNEL32(00000000,00000000,?,0000000A), ref: 004149A8

Part of subcall function 00414A01: ExitProcess.KERNEL32 ref: 00414A1E

Strings

`&, xrefs: 00414974
(5[, xrefs: 00414960

Memory Dump Source

Source File: 00000005.00000002.2137928807.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.2137896930.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137957057.000000000041B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137990366.0000000000420000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138014805.0000000000422000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138053805.0000000000423000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138119487.0000000000427000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_BA002.jbxd

Similarity

API ID: Heap$CommandCreateDestroyExitHandleInfoLineModuleProcessStartupVersion
String ID: (5[$`&
API String ID: 2057626494-973151930
Opcode ID: d0b0bc6d91067fd433c2cc4b1856fc531dfd5f25a3beb9f48f66dbad23e013fe
Instruction ID: fb65514f2d73941f5fb5fe300876562abb5c146ee9b99336205dd39c2cb12ef3
Opcode Fuzzy Hash: d0b0bc6d91067fd433c2cc4b1856fc531dfd5f25a3beb9f48f66dbad23e013fe
Instruction Fuzzy Hash: BD219EB19407159FDB14EFB6DC46AEE7BB8EF44704F10412FF910AB291DB3C89818A58

Function 00405434 Relevance: 3.0, APIs: 2, Instructions: 44
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00405414: FindClose.KERNELBASE(?,000000FF,00405445,000000FF), ref: 0040541F

FindFirstFileW.KERNELBASE(?,?,000000FF), ref: 00405497

Part of subcall function 00403B85: __EH_prolog.LIBCMT ref: 00403B8A

FindFirstFileA.KERNEL32(?,?,000000FF), ref: 00405467

Part of subcall function 0040551C: __EH_prolog.LIBCMT ref: 00405521

Memory Dump Source

Source File: 00000005.00000002.2137928807.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.2137896930.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137957057.000000000041B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137990366.0000000000420000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138014805.0000000000422000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138053805.0000000000423000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138119487.0000000000427000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_BA002.jbxd

Similarity

API ID: Find$FileFirstH_prolog$Close
String ID:
API String ID: 3335342080-0
Opcode ID: 01ff4a9bc94c78cd279a0d863a54892268cf469c718bfc53d66ce16def007dff
Instruction ID: 44fa9ff84b7e7cb6f1e8d7f9ea47a8a098aa0700a3472251c04f15a334366322
Opcode Fuzzy Hash: 01ff4a9bc94c78cd279a0d863a54892268cf469c718bfc53d66ce16def007dff
Instruction Fuzzy Hash: 33014830401505ABCF20AF64DC456EE7779DF51329F20827AE855672D1D73C9A85CF98

Function 00401014 Relevance: 48.0, APIs: 8, Strings: 19, Instructions: 715
windowsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00401A7B: GetVersionExA.KERNEL32(?), ref: 00401A95

GetCommandLineW.KERNEL32(00000003,00000003,00000003,00000003,?,00000000), ref: 0040108B

Part of subcall function 004038D7: __EH_prolog.LIBCMT ref: 004038DC

Part of subcall function 0040460B: __EH_prolog.LIBCMT ref: 00404610
Part of subcall function 0040460B: GetModuleFileNameA.KERNEL32(00400000,?,00000105,00000000,00000000), ref: 00404649

Part of subcall function 0040237B: __EH_prolog.LIBCMT ref: 00402380

Part of subcall function 00402340: __EH_prolog.LIBCMT ref: 00402345

Part of subcall function 00403DE4: __EH_prolog.LIBCMT ref: 00403DE9

MessageBoxW.USER32(00000000,?,?,00000010), ref: 004015DE
ShellExecuteExA.SHELL32(0000003C,?,00000001,?,?,00000003,?,00000003,00420240,;!@InstallEnd@!,?,00000003,00000000,00000002,00420278,00000003), ref: 004016D5
MessageBoxW.USER32(00000000,?,?,00000024), ref: 004012FF

Part of subcall function 00410EC0: MessageBoxW.USER32(00000000,?,7-Zip,00000010), ref: 00410EC9

Part of subcall function 00402EFE: __EH_prolog.LIBCMT ref: 00402F03

CloseHandle.KERNEL32(?,?,00000000), ref: 004019A8
WaitForSingleObject.KERNEL32(?,000000FF,?,00000000), ref: 004019C7
CloseHandle.KERNEL32(?,?,00000000), ref: 004019CE

Strings

setup.exe, xrefs: 004017B9
Title, xrefs: 0040120B
%%T\, xrefs: 00401803
, xrefs: 004016DB
;!@Install@!UTF-8!, xrefs: 00401172
Can not open file, xrefs: 004016ED
%%T, xrefs: 00401832
Can't load config info, xrefs: 00401185
Config failed, xrefs: 004011F7
;!@InstallEnd@!, xrefs: 0040116D
D, xrefs: 00401886
<, xrefs: 0040166A
ExecuteFile, xrefs: 004013DA
Directory, xrefs: 004012A2
Can not load codecs, xrefs: 00401529
ExecuteParameters, xrefs: 0040141A
Can not find setup.exe, xrefs: 004017DB
Can not create temp folder archive, xrefs: 004014DD
RunProgram, xrefs: 0040139A

Memory Dump Source

Source File: 00000005.00000002.2137928807.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.2137896930.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137957057.000000000041B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137990366.0000000000420000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138014805.0000000000422000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138053805.0000000000423000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138119487.0000000000427000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_BA002.jbxd

Similarity

API ID: H_prolog$Message$CloseHandle$CommandExecuteFileLineModuleNameObjectShellSingleVersionWait
String ID: $%%T$%%T\$;!@Install@!UTF-8!$;!@InstallEnd@!$<$Can not create temp folder archive$Can not find setup.exe$Can not load codecs$Can not open file$Can't load config info$Config failed$D$Directory$ExecuteFile$ExecuteParameters$RunProgram$Title$setup.exe
API String ID: 785510900-2114487665
Opcode ID: be0f136c17497620e252495012a06a56f9c730f0146b67232a4872c444f0591d
Instruction ID: f92d1a5b025e5f1856d93d01be2b226abe75c3e6546c85d9ed47549f0c040395
Opcode Fuzzy Hash: be0f136c17497620e252495012a06a56f9c730f0146b67232a4872c444f0591d
Instruction Fuzzy Hash: 485228719002199ACF25EFA5DC82AEDBB75AF04308F1040BFE156721F2DA395B86CF58

Function 0040AB05 Relevance: 14.2, APIs: 9, Instructions: 682
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__EH_prolog.LIBCMT ref: 0040AB0A

Part of subcall function 0040D5A3: __EH_prolog.LIBCMT ref: 0040D5A8

Part of subcall function 004130E0: InitializeCriticalSection.KERNEL32(?,?,?,00000000,00000000), ref: 0041310E

DeleteCriticalSection.KERNEL32(?), ref: 0040AD3E
DeleteCriticalSection.KERNEL32(?), ref: 0040AFCB
DeleteCriticalSection.KERNEL32(?), ref: 0040B036
DeleteCriticalSection.KERNEL32(?), ref: 0040B093
DeleteCriticalSection.KERNEL32(?), ref: 0040B1A2
DeleteCriticalSection.KERNEL32(?), ref: 0040B1FC
DeleteCriticalSection.KERNEL32(?,?,?,00000004,00000004), ref: 0040B271
DeleteCriticalSection.KERNEL32(?), ref: 0040B303

Memory Dump Source

Source File: 00000005.00000002.2137928807.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.2137896930.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137957057.000000000041B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137990366.0000000000420000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138014805.0000000000422000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138053805.0000000000423000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138119487.0000000000427000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_BA002.jbxd

Similarity

API ID: CriticalSection$Delete$H_prolog$Initialize
String ID:
API String ID: 3452124646-0
Opcode ID: 53ff4eaa71f930fd4966fc49476664da3d82c19ee4ae63da8a12ea1bfaad2ad0
Instruction ID: 4c9a54a47b38b58bbaef36bcc828af5c6ca02983ed7c574d3216c54edcd042c8
Opcode Fuzzy Hash: 53ff4eaa71f930fd4966fc49476664da3d82c19ee4ae63da8a12ea1bfaad2ad0
Instruction Fuzzy Hash: FC627E7090024ADFDB14DFA5C944BDEBBB4FF14308F1080AEE805B7291DB789A49DB99

Function 004051B7 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 102
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentThreadId.KERNEL32 ref: 004051C5
GetTickCount.KERNEL32 ref: 004051D0
GetCurrentProcessId.KERNEL32(?,00000000,?,?,00405334,?,00000000,?,00000003,00000003,00000000,00000000,00000003,?,00000000), ref: 004051DB
GetTickCount.KERNEL32 ref: 00405240
SetLastError.KERNEL32(000000B7,00000000,?,00000000,?,?,00405334,?,00000000,?,00000003), ref: 00405273
GetLastError.KERNEL32(00000000,?,00000000,?,?,00405334,?,00000000,?,00000003), ref: 00405299

Part of subcall function 004049F4: CreateDirectoryA.KERNEL32(?,00000000,00000000,00000000,?,00000000,?,?,00405334,?,00000000,?,00000003), ref: 00404A13

Strings

.tmp, xrefs: 00405257
d, xrefs: 004052AE

Memory Dump Source

Source File: 00000005.00000002.2137928807.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.2137896930.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137957057.000000000041B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137990366.0000000000420000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138014805.0000000000422000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138053805.0000000000423000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138119487.0000000000427000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_BA002.jbxd

Similarity

API ID: CountCurrentErrorLastTick$CreateDirectoryProcessThread
String ID: .tmp$d
API String ID: 3074393274-2797371523
Opcode ID: 2fda1539db0041318063c64b288010cc5c4c3aedaa5e381c7d8f696092406eab
Instruction ID: 4fab17955b769304b7d1cf71853489b42ead9ac2cf2e2055059d54e7646dac87
Opcode Fuzzy Hash: 2fda1539db0041318063c64b288010cc5c4c3aedaa5e381c7d8f696092406eab
Instruction Fuzzy Hash: CC31C1326506009BDB10ABA098897EF7760EFA5315F14807FE902BB2D2D77C9842CF99

Function 004083AB Relevance: 5.6, APIs: 1, Strings: 2, Instructions: 328
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__EH_prolog.LIBCMT ref: 004083B0

Strings

Unknown error, xrefs: 00408671, 00408676
X3B, xrefs: 004086A4

Memory Dump Source

Source File: 00000005.00000002.2137928807.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.2137896930.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137957057.000000000041B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137990366.0000000000420000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138014805.0000000000422000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138053805.0000000000423000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138119487.0000000000427000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_BA002.jbxd

Similarity

API ID: H_prolog
String ID: Unknown error$X3B
API String ID: 3519838083-1496835351
Opcode ID: 47f253f86f2cbe6f5ea7b7729e7e95f0c02779c145a6591478a86d185b5344b5
Instruction ID: 10ffca09dccd2053a4a89f972bfe6bbc607f2b880b0d523777cfa28ffc571443
Opcode Fuzzy Hash: 47f253f86f2cbe6f5ea7b7729e7e95f0c02779c145a6591478a86d185b5344b5
Instruction Fuzzy Hash: 89D16070900219EFCF05DFA4C984ADEBB74BF48304F14846EE846BB2D1DB78AA45CB95

Function 00405620 Relevance: 4.6, APIs: 3, Instructions: 130
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__EH_prolog.LIBCMT ref: 00405625

Part of subcall function 00405434: FindFirstFileA.KERNEL32(?,?,000000FF), ref: 00405467

GetLastError.KERNEL32(?,?,00000000,?,00000001), ref: 00405653

Part of subcall function 00405414: FindClose.KERNELBASE(?,000000FF,00405445,000000FF), ref: 0040541F

Memory Dump Source

Source File: 00000005.00000002.2137928807.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.2137896930.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137957057.000000000041B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137990366.0000000000420000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138014805.0000000000422000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138053805.0000000000423000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138119487.0000000000427000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_BA002.jbxd

Similarity

API ID: Find$CloseErrorFileFirstH_prologLast
String ID:
API String ID: 364955512-0
Opcode ID: 7af81683b2bbd08a4e7907554c6bd4d0585e29ef0a2842fee04aea0eda1a8d3a
Instruction ID: 04b13d9487752735ca5a27f2fc382c225ef0a6c39b2ce108fc8834fd1c85259b
Opcode Fuzzy Hash: 7af81683b2bbd08a4e7907554c6bd4d0585e29ef0a2842fee04aea0eda1a8d3a
Instruction Fuzzy Hash: F0418E36900519AACF14FBA5D942AEFBB75EF14308F10403AE412772E1DB795E41DEA8

Function 00416A88 Relevance: 4.6, APIs: 3, Instructions: 51
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32(?,?,00416A73,?,00000000,00000000,004149BD,00000000,00000000), ref: 00416A9D
TerminateProcess.KERNEL32(00000000,?,00416A73,?,00000000,00000000,004149BD,00000000,00000000), ref: 00416AA4
ExitProcess.KERNEL32 ref: 00416B25

Memory Dump Source

Source File: 00000005.00000002.2137928807.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.2137896930.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137957057.000000000041B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137990366.0000000000420000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138014805.0000000000422000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138053805.0000000000423000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138119487.0000000000427000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_BA002.jbxd

Similarity

API ID: Process$CurrentExitTerminate
String ID:
API String ID: 1703294689-0
Opcode ID: 1437901adbb6f5f79383b87a45eea3dcfdbbe1126ab2fc144c657422388fb5ba
Instruction ID: 0e18a92ac83ca44edc126e9bc7105b1bfa7f20768c24b30c438cbd3485978612
Opcode Fuzzy Hash: 1437901adbb6f5f79383b87a45eea3dcfdbbe1126ab2fc144c657422388fb5ba
Instruction Fuzzy Hash: FC010432304220ABDA21AF29FC82A9A7BE4FF45355B52803FF541A3151CB3CE8C1CA5D

Function 0040280E Relevance: 3.9, APIs: 1, Strings: 1, Instructions: 384
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__EH_prolog.LIBCMT ref: 00402813

Part of subcall function 00402D81: EnterCriticalSection.KERNEL32(?,?,?,00409336), ref: 00402D86
Part of subcall function 00402D81: LeaveCriticalSection.KERNEL32(?,?,?,?,00409336), ref: 00402D90

Strings

.@, xrefs: 00402A17, 00402C0B, 00402C67

Memory Dump Source

Source File: 00000005.00000002.2137928807.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.2137896930.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137957057.000000000041B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137990366.0000000000420000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138014805.0000000000422000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138053805.0000000000423000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138119487.0000000000427000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_BA002.jbxd

Similarity

API ID: CriticalSection$EnterH_prologLeave
String ID: .@
API String ID: 367238759-2582305824
Opcode ID: 577924c8c0bac586da650f1e85d0a83bbc87ffed532ab8f3eca2ba2db10ea84e
Instruction ID: fb4838387da9abac6519c3a0e173b295c4de01f89ec6b6ed0d4ee3fc8d60aaac
Opcode Fuzzy Hash: 577924c8c0bac586da650f1e85d0a83bbc87ffed532ab8f3eca2ba2db10ea84e
Instruction Fuzzy Hash: F3F1DF70900248DFCF14EFA5C985ADEBBB4AF54308F10807EE446B72E1DB785A85DB19

Function 004030FC Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 134
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__EH_prolog.LIBCMT ref: 00403101

Part of subcall function 00405620: __EH_prolog.LIBCMT ref: 00405625

Part of subcall function 00404A3E: __EH_prolog.LIBCMT ref: 00404A43

Part of subcall function 004092E6: __EH_prolog.LIBCMT ref: 004092EB

Strings

Default, xrefs: 00403213

Memory Dump Source

Source File: 00000005.00000002.2137928807.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.2137896930.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137957057.000000000041B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137990366.0000000000420000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138014805.0000000000422000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138053805.0000000000423000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138119487.0000000000427000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_BA002.jbxd

Similarity

API ID: H_prolog
String ID: Default
API String ID: 3519838083-753088835
Opcode ID: 0fc91ddac6c1b16fe72a6cc7b41e2781a7216c9bd00a9ca8bd5645336c638fb0
Instruction ID: 203c82e13c85383a660d5cb73dbb10af46e9aa8c77eacbcc0267a4e11568a844
Opcode Fuzzy Hash: 0fc91ddac6c1b16fe72a6cc7b41e2781a7216c9bd00a9ca8bd5645336c638fb0
Instruction Fuzzy Hash: E4514E75900209EFDB14EFA5D8819EEBBB8FF18308F00456EE556772D1DB38AA06CB14

Function 00404A3E Relevance: 3.2, APIs: 2, Instructions: 166
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__EH_prolog.LIBCMT ref: 00404A43
GetLastError.KERNEL32(?,?,?,00000000), ref: 00404ACB

Memory Dump Source

Source File: 00000005.00000002.2137928807.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.2137896930.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137957057.000000000041B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137990366.0000000000420000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138014805.0000000000422000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138053805.0000000000423000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138119487.0000000000427000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_BA002.jbxd

Similarity

API ID: ErrorH_prologLast
String ID:
API String ID: 1057991267-0
Opcode ID: cf2054507fd1ee53753d2eae408e5b803be4a538542d8802e2091fe77905cd97
Instruction ID: 397979b183d08822f23b565ee303c4952bc02ec102e27be1c48eee89bea9c2ad
Opcode Fuzzy Hash: cf2054507fd1ee53753d2eae408e5b803be4a538542d8802e2091fe77905cd97
Instruction Fuzzy Hash: 1E5105719441099ACF10EBA5C942AFEBB75AF91308F11017FE602731E1DB3DAE46CB99

Function 00408755 Relevance: 3.1, APIs: 2, Instructions: 85
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__EH_prolog.LIBCMT ref: 0040875A
GetLastError.KERNEL32(?,00000000,?,?,00000000,?,?,0040893F,?,?,00000000,004149B4,?,?,?,00000000), ref: 004087E8

Memory Dump Source

Source File: 00000005.00000002.2137928807.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.2137896930.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137957057.000000000041B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137990366.0000000000420000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138014805.0000000000422000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138053805.0000000000423000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138119487.0000000000427000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_BA002.jbxd

Similarity

API ID: ErrorH_prologLast
String ID:
API String ID: 1057991267-0
Opcode ID: 9241e159634e285d8ed2c067ddd4a586d7e54c47a3761db9d9a9d26607b46551
Instruction ID: 0128b321cd566d1ceb50e896689a501b942dab3b414a73cd3b5e456030195100
Opcode Fuzzy Hash: 9241e159634e285d8ed2c067ddd4a586d7e54c47a3761db9d9a9d26607b46551
Instruction Fuzzy Hash: EE317C719012499FCB10DF95CE849AEBBB0FF44314B24817FE496B7292CB388D40DB69

Function 0041468E Relevance: 3.0, APIs: 2, Instructions: 45
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00416CCC: HeapAlloc.KERNEL32(00000008,?,00000000,00000000,00000001,00415318,00000001,00000074,?,?,00000000,00000001), ref: 00416DC2

CreateThread.KERNELBASE(00000000,00000003,004146F9,00000000,00000000,?), ref: 004146CF
GetLastError.KERNEL32(?,?,?,00413009,00000000,00000000,004032CA,?,00000000,00000000,?,00402FAB,?,00000000,?), ref: 004146D9

Memory Dump Source

Source File: 00000005.00000002.2137928807.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.2137896930.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137957057.000000000041B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137990366.0000000000420000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138014805.0000000000422000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138053805.0000000000423000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138119487.0000000000427000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_BA002.jbxd

Similarity

API ID: AllocCreateErrorHeapLastThread
String ID:
API String ID: 3580101977-0
Opcode ID: 0374611688ca75c4551dea276e5d424cbadff3ac534dbe24837146ca9d20d13e
Instruction ID: 928dc59a5e1d7113ba94efa25a55b36d47ae035f635b84aed830f8a2a3c61c12
Opcode Fuzzy Hash: 0374611688ca75c4551dea276e5d424cbadff3ac534dbe24837146ca9d20d13e
Instruction Fuzzy Hash: D6F02D362006156BCB209F66EC019DB3BA5EF81375F10402EF958C2290DF3DC8914BAC

Function 00405892 Relevance: 3.0, APIs: 2, Instructions: 45
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00405905: FindCloseChangeNotification.KERNELBASE(00000000,000000FF,004058A0,?,?,00000000), ref: 00405910

CreateFileW.KERNELBASE(00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 004058EF

Part of subcall function 00403B85: __EH_prolog.LIBCMT ref: 00403B8A

CreateFileA.KERNEL32(?,?,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 004058CB

Memory Dump Source

Source File: 00000005.00000002.2137928807.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.2137896930.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137957057.000000000041B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137990366.0000000000420000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138014805.0000000000422000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138053805.0000000000423000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138119487.0000000000427000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_BA002.jbxd

Similarity

API ID: CreateFile$ChangeCloseFindH_prologNotification
String ID:
API String ID: 3273702577-0
Opcode ID: 34b674e9a04a5ff3e8c8923f5916708bcc46c4f31befc859c171c75614de22e6
Instruction ID: 7cb04d8d1853a58e30318ad4c29bda14cf4b58fee7e46fc4002fe1391b6e6e2b
Opcode Fuzzy Hash: 34b674e9a04a5ff3e8c8923f5916708bcc46c4f31befc859c171c75614de22e6
Instruction Fuzzy Hash: 4F01287240020AFFCF11AFA4DC45C9B7F6AEF08364B10853AF991661A1D73699A1EF94

Function 00404C29 Relevance: 3.0, APIs: 2, Instructions: 32
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00404965: SetFileAttributesA.KERNEL32(?,00000000,?,00000003,?,00000000), ref: 00404985

DeleteFileW.KERNELBASE(?,?,00404DF4,?,00000000,?,?,?,?,?,00000000), ref: 00404C68

Part of subcall function 00403B85: __EH_prolog.LIBCMT ref: 00403B8A

DeleteFileA.KERNEL32(00000000,?,00404DF4,?,00000000,?,?,?,?,?,00000000), ref: 00404C52

Memory Dump Source

Source File: 00000005.00000002.2137928807.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.2137896930.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137957057.000000000041B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137990366.0000000000420000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138014805.0000000000422000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138053805.0000000000423000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138119487.0000000000427000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_BA002.jbxd

Similarity

API ID: File$Delete$AttributesH_prolog
String ID:
API String ID: 2228796961-0
Opcode ID: 2a851ada320448840f081fdf09e03eccb137fd278eb5091bc1926aea873404c1
Instruction ID: 42beaf350199a5bd001275db4dd2e0c02934a82ca565cbb3bb09e1eddbc7cd64
Opcode Fuzzy Hash: 2a851ada320448840f081fdf09e03eccb137fd278eb5091bc1926aea873404c1
Instruction Fuzzy Hash: A9F0ECB5A0912067EF107B35AC05A9B3B594BC3314B12C17B9D11732E5EB388E06D6CD

Function 00404965 Relevance: 3.0, APIs: 2, Instructions: 31COMMON

Download Yara Rule

APIs

SetFileAttributesW.KERNELBASE(?,00000000,?,00000003,?,00000000), ref: 0040499C

Part of subcall function 00403B85: __EH_prolog.LIBCMT ref: 00403B8A

SetFileAttributesA.KERNEL32(?,00000000,?,00000003,?,00000000), ref: 00404985

Memory Dump Source

Source File: 00000005.00000002.2137928807.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.2137896930.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137957057.000000000041B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137990366.0000000000420000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138014805.0000000000422000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138053805.0000000000423000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138119487.0000000000427000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_BA002.jbxd

Similarity

API ID: AttributesFile$H_prolog
String ID:
API String ID: 3790360811-0
Opcode ID: 5366c93646a32060bc4a1fe11ea500c12b8b92d1211a98e2b8e7846322785de3
Instruction ID: f078d443d6654451da1bdd33dee3a4941b810ca2709c1c0422ffd448cadfd8b3
Opcode Fuzzy Hash: 5366c93646a32060bc4a1fe11ea500c12b8b92d1211a98e2b8e7846322785de3
Instruction Fuzzy Hash: 12E0E5B19002106BCB302B749C08AD73F6CCB82314B108177E816B72D0DA388E06C6D9

Function 004049F4 Relevance: 3.0, APIs: 2, Instructions: 31COMMON

Download Yara Rule

APIs

CreateDirectoryW.KERNELBASE(00000000,00000000,00000000,?,00000000,?,?,00405334,?,00000000,?,00000003), ref: 00404A2C

Part of subcall function 00403B85: __EH_prolog.LIBCMT ref: 00403B8A

CreateDirectoryA.KERNEL32(?,00000000,00000000,00000000,?,00000000,?,?,00405334,?,00000000,?,00000003), ref: 00404A13

Memory Dump Source

Source File: 00000005.00000002.2137928807.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.2137896930.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137957057.000000000041B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137990366.0000000000420000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138014805.0000000000422000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138053805.0000000000423000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138119487.0000000000427000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_BA002.jbxd

Similarity

API ID: CreateDirectory$H_prolog
String ID:
API String ID: 2325068607-0
Opcode ID: a1e0d02f5bfc64bfc09281de4819c2c8931d1b3daee1640bd6a36795e0d5f738
Instruction ID: e8b418caba4fa0c83fd0f6cce2293bab18ef6c4fa53c548cc4c0ebfda5fe1645
Opcode Fuzzy Hash: a1e0d02f5bfc64bfc09281de4819c2c8931d1b3daee1640bd6a36795e0d5f738
Instruction Fuzzy Hash: 3CE0E570B002006BDB206B64AC05B977B68CB41709F104176E902F71D0DA78DE01DA9C

Function 004157C8 Relevance: 3.0, APIs: 2, Instructions: 30memoryCOMMON

Download Yara Rule

APIs

HeapCreate.KERNELBASE(00000000,00001000,00000000,00414932,00000001), ref: 004157D9

Part of subcall function 00415680: GetVersionExA.KERNEL32 ref: 0041569F

HeapDestroy.KERNEL32 ref: 00415818

Part of subcall function 00415825: HeapAlloc.KERNEL32(00000000,00000140,00415801,000003F8), ref: 00415832

Memory Dump Source

Source File: 00000005.00000002.2137928807.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.2137896930.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137957057.000000000041B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137990366.0000000000420000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138014805.0000000000422000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138053805.0000000000423000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138119487.0000000000427000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_BA002.jbxd

Similarity

API ID: Heap$AllocCreateDestroyVersion
String ID:
API String ID: 2507506473-0
Opcode ID: 0d18dfc85a1640e6673d81f03e6c6359104a03ea7de3319d0e450716895a192f
Instruction ID: ed3d0d0d9fb025b00032fbfed5580f0a7fafafb3549905f7ec75d8b7e0a93aa3
Opcode Fuzzy Hash: 0d18dfc85a1640e6673d81f03e6c6359104a03ea7de3319d0e450716895a192f
Instruction Fuzzy Hash: 6CF06530A54B01EEDF207B706C867EA2B90EB84795F60483BF401D81A0EB7884D1D659

Function 00405970 Relevance: 3.0, APIs: 2, Instructions: 30COMMON

Download Yara Rule

APIs

SetFilePointer.KERNELBASE(?,?,?,?), ref: 0040598B
GetLastError.KERNEL32(?,?,?,?), ref: 00405999

Memory Dump Source

Source File: 00000005.00000002.2137928807.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.2137896930.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137957057.000000000041B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137990366.0000000000420000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138014805.0000000000422000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138053805.0000000000423000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138119487.0000000000427000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_BA002.jbxd

Similarity

API ID: ErrorFileLastPointer
String ID:
API String ID: 2976181284-0
Opcode ID: 4eb004f5f0e538f15da8fb4a4b1192dc0e26d9ca4b62000b247bbe798b79ae76
Instruction ID: b27308c8a3af6e3091502473baf333c9532b4c6e1f366657fcb3ad1a7c3590d9
Opcode Fuzzy Hash: 4eb004f5f0e538f15da8fb4a4b1192dc0e26d9ca4b62000b247bbe798b79ae76
Instruction Fuzzy Hash: 93F0B7B4500208EFDF04CF94D9458AE7BB5EF49364B208169F815E7390D7359E00DFA9

Function 004055C0 Relevance: 3.0, APIs: 2, Instructions: 29fileCOMMON

Download Yara Rule

APIs

FindNextFileA.KERNEL32(000000FF,?), ref: 004055DB

Part of subcall function 0040551C: __EH_prolog.LIBCMT ref: 00405521

FindNextFileW.KERNELBASE(000000FF,?), ref: 004055FE

Memory Dump Source

Source File: 00000005.00000002.2137928807.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.2137896930.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137957057.000000000041B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137990366.0000000000420000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138014805.0000000000422000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138053805.0000000000423000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138119487.0000000000427000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_BA002.jbxd

Similarity

API ID: FileFindNext$H_prolog
String ID:
API String ID: 524997802-0
Opcode ID: 26f81b83f3e3a567db28d78fc237f9a2291a4ac5dbec3a4cffcc7580e78677c1
Instruction ID: f88545c4c3033384066cb33420412ee943e7b897f65897311185cc0eb0e0c251
Opcode Fuzzy Hash: 26f81b83f3e3a567db28d78fc237f9a2291a4ac5dbec3a4cffcc7580e78677c1
Instruction Fuzzy Hash: 8DF0B430500508ABDF20EF21CC44BFF3768EB51308F5040B6D408A21A0E7399D49CF9D

Function 004049AF Relevance: 3.0, APIs: 2, Instructions: 28COMMON

Download Yara Rule

APIs

RemoveDirectoryW.KERNELBASE(?,00000003,?,00000000), ref: 004049E2

Part of subcall function 00403B85: __EH_prolog.LIBCMT ref: 00403B8A

RemoveDirectoryA.KERNEL32(00000000,?,00000003,?,00000000), ref: 004049CB

Memory Dump Source

Source File: 00000005.00000002.2137928807.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.2137896930.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137957057.000000000041B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137990366.0000000000420000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138014805.0000000000422000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138053805.0000000000423000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138119487.0000000000427000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_BA002.jbxd

Similarity

API ID: DirectoryRemove$H_prolog
String ID:
API String ID: 2658828398-0
Opcode ID: 201279a7814ea4a167199a037cedd6b46e8dfc642ab05cbb30dc3898fd1609e1
Instruction ID: 4961395adc401f2522103f4a6ac6059727e4e6f3804ef102d625a61c1e6559d1
Opcode Fuzzy Hash: 201279a7814ea4a167199a037cedd6b46e8dfc642ab05cbb30dc3898fd1609e1
Instruction Fuzzy Hash: 82E092B4A001046BDF106B35AC0669B7BA8DB41359B10427ADD13B61E1DA788E05DAD8

Function 00404F2C Relevance: 3.0, APIs: 2, Instructions: 27COMMON

Download Yara Rule

APIs

SetCurrentDirectoryW.KERNELBASE(?,?,00000000), ref: 00404F62

Part of subcall function 00403B85: __EH_prolog.LIBCMT ref: 00403B8A

SetCurrentDirectoryA.KERNEL32(00000000,00000000,?,00000000), ref: 00404F48

Memory Dump Source

Source File: 00000005.00000002.2137928807.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.2137896930.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137957057.000000000041B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137990366.0000000000420000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138014805.0000000000422000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138053805.0000000000423000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138119487.0000000000427000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_BA002.jbxd

Similarity

API ID: CurrentDirectory$H_prolog
String ID:
API String ID: 3531555294-0
Opcode ID: 37bd0973ac103fd303293487a19168a5ccebfcf95a8c4f288a103cb7951a30b5
Instruction ID: 9edf083e53dd0555a3085cbe496080ff7240eda39e21aa363a26468641b3ea5b
Opcode Fuzzy Hash: 37bd0973ac103fd303293487a19168a5ccebfcf95a8c4f288a103cb7951a30b5
Instruction Fuzzy Hash: 75E02630B400093FDF112F78EC4A9AA3BB89B40309F10427AB403E20E1EF38CA48CA48

Function 0040B98F Relevance: 2.0, APIs: 1, Instructions: 515COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0040B994

Memory Dump Source

Source File: 00000005.00000002.2137928807.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.2137896930.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137957057.000000000041B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137990366.0000000000420000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138014805.0000000000422000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138053805.0000000000423000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138119487.0000000000427000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_BA002.jbxd

Similarity

API ID: H_prolog
String ID:
API String ID: 3519838083-0
Opcode ID: 6c23f50496e65b3ca560bc6ad6661ef703fabc81de4c7ebfafbc0beace10094d
Instruction ID: 4fbed39282daa38b1d3be95d0829f5567439209fdd6a1d56e89862dfcbe45c3a
Opcode Fuzzy Hash: 6c23f50496e65b3ca560bc6ad6661ef703fabc81de4c7ebfafbc0beace10094d
Instruction Fuzzy Hash: 05324B70904249DFDB10DFA8C584BDEBBB0AF58304F1441AEE845B7382DB78AE45CB99

Function 0040888F Relevance: 1.9, APIs: 1, Instructions: 374COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00408894

Memory Dump Source

Source File: 00000005.00000002.2137928807.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.2137896930.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137957057.000000000041B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137990366.0000000000420000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138014805.0000000000422000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138053805.0000000000423000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138119487.0000000000427000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_BA002.jbxd

Similarity

API ID: H_prolog
String ID:
API String ID: 3519838083-0
Opcode ID: f8f61f009d3daf8c2db6a732b574bcd6eafb3dea196858b7c2c201f5376d76a6
Instruction ID: dff2ad87a4df39db6f8fa6ff6a697358cee08fb6a23258ae47e5232e80a59da3
Opcode Fuzzy Hash: f8f61f009d3daf8c2db6a732b574bcd6eafb3dea196858b7c2c201f5376d76a6
Instruction Fuzzy Hash: FFE16E70904249DFDF10DFA4C988AAEBBB4AF48314F2444AEE556F7391CB389E45CB25

Function 0040E7F4 Relevance: 1.8, APIs: 1, Instructions: 255COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0040E7F9

Part of subcall function 0040F836: __EH_prolog.LIBCMT ref: 0040F83B

Memory Dump Source

Source File: 00000005.00000002.2137928807.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.2137896930.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137957057.000000000041B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137990366.0000000000420000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138014805.0000000000422000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138053805.0000000000423000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138119487.0000000000427000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_BA002.jbxd

Similarity

API ID: H_prolog
String ID:
API String ID: 3519838083-0
Opcode ID: 498aaecf194758b2187a7f377388585577334c9b398a12de9558ebeea3154d22
Instruction ID: 639e188e3e769c4c76ba7ddc7be71c767d86a570cac8f7036ff280b2304c1e48
Opcode Fuzzy Hash: 498aaecf194758b2187a7f377388585577334c9b398a12de9558ebeea3154d22
Instruction Fuzzy Hash: 5DC13670900259DFDB14DFA5C985BDEBBB4BF14308F1480AEE945B7282CB786A48CF65

Function 0040F449 Relevance: 1.7, APIs: 1, Instructions: 207COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0040F44E

Memory Dump Source

Source File: 00000005.00000002.2137928807.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.2137896930.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137957057.000000000041B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137990366.0000000000420000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138014805.0000000000422000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138053805.0000000000423000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138119487.0000000000427000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_BA002.jbxd

Similarity

API ID: H_prolog
String ID:
API String ID: 3519838083-0
Opcode ID: 7053a18d867c794380ddb73d5154a26bfb4cc56ca4d452b1cbce9de2fd1904e6
Instruction ID: 37dc011919f3b1358f9a833e213d0996983958fb9ee029613f358e4c9ba25a45
Opcode Fuzzy Hash: 7053a18d867c794380ddb73d5154a26bfb4cc56ca4d452b1cbce9de2fd1904e6
Instruction Fuzzy Hash: 3C815C70E00605ABCB24DFA5C881AEEFBB1BF48304F14453EE445B3791D739A949CB99

Function 00408D5E Relevance: 1.7, APIs: 1, Instructions: 151COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00408D63

Part of subcall function 00408F0B: __EH_prolog.LIBCMT ref: 00408F10

Part of subcall function 00402635: __EH_prolog.LIBCMT ref: 0040263A

Part of subcall function 00403981: __EH_prolog.LIBCMT ref: 00403986

Memory Dump Source

Source File: 00000005.00000002.2137928807.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.2137896930.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137957057.000000000041B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137990366.0000000000420000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138014805.0000000000422000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138053805.0000000000423000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138119487.0000000000427000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_BA002.jbxd

Similarity

API ID: H_prolog
String ID:
API String ID: 3519838083-0
Opcode ID: fe4f4b855b35ad50f10ad9ecf2bf615057988214f71ae465a5f778489ccae84a
Instruction ID: 2e5fef73c4a961ecd91826de13bda49669b7ee5ae1afd1ab178ba291f64b6413
Opcode Fuzzy Hash: fe4f4b855b35ad50f10ad9ecf2bf615057988214f71ae465a5f778489ccae84a
Instruction Fuzzy Hash: E5516D7190060AEFCF11DFA5C984A9EBBB4BF08314F10462EE556B72D1CB789A45CFA4

Function 0040DB62 Relevance: 1.6, APIs: 1, Instructions: 146COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0040DB67

Memory Dump Source

Source File: 00000005.00000002.2137928807.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.2137896930.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137957057.000000000041B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137990366.0000000000420000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138014805.0000000000422000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138053805.0000000000423000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138119487.0000000000427000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_BA002.jbxd

Similarity

API ID: H_prolog
String ID:
API String ID: 3519838083-0
Opcode ID: 6102bc3ab49ae424949eee4761875b821dd30f392df23a536a372274e60046df
Instruction ID: 67e57bbcfb5e62c28ba97e2c762051c7e2fb602a8ee489b014dcb5d1e96c76cd
Opcode Fuzzy Hash: 6102bc3ab49ae424949eee4761875b821dd30f392df23a536a372274e60046df
Instruction Fuzzy Hash: DA419EB1E042059BEB14DF99C985ABEB7B5FF48304F14453EE402B7381D7B8A945CBA8

Function 0040CD84 Relevance: 1.6, APIs: 1, Instructions: 143COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0040CD89

Memory Dump Source

Source File: 00000005.00000002.2137928807.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.2137896930.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137957057.000000000041B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137990366.0000000000420000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138014805.0000000000422000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138053805.0000000000423000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138119487.0000000000427000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_BA002.jbxd

Similarity

API ID: H_prolog
String ID:
API String ID: 3519838083-0
Opcode ID: 305c79b04e93cb02db0d94eb430663c97d837b050eba01e1428f85ec3b32050d
Instruction ID: 716710645470f9cf712b82a1641bf3e3a23618a4fc30be00c3c641d866b01c52
Opcode Fuzzy Hash: 305c79b04e93cb02db0d94eb430663c97d837b050eba01e1428f85ec3b32050d
Instruction Fuzzy Hash: 3151C531804146DFCB15CB68C4D4AEE7771EF48348F14827BE8167B2D2D6399A06DBEA

Function 00401B11 Relevance: 1.6, APIs: 1, Instructions: 132COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00401B16

Memory Dump Source

Source File: 00000005.00000002.2137928807.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.2137896930.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137957057.000000000041B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137990366.0000000000420000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138014805.0000000000422000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138053805.0000000000423000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138119487.0000000000427000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_BA002.jbxd

Similarity

API ID: H_prolog
String ID:
API String ID: 3519838083-0
Opcode ID: 4a7b8dc75b00dab3078b6f2c0b685c16519ae0cc3006f02a661cb725d39e4b70
Instruction ID: dc66995ee082b2e59fd72de07b50a9d1ecefa8465c91578acc64d6d85ae5b981
Opcode Fuzzy Hash: 4a7b8dc75b00dab3078b6f2c0b685c16519ae0cc3006f02a661cb725d39e4b70
Instruction Fuzzy Hash: 7A51D071C042499FDF21DFA4C940BEEBBB4AF05394F14416AE851732E2E7789A41CB68

Function 00402EFE Relevance: 1.6, APIs: 1, Instructions: 116COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00402F03

Part of subcall function 0040335F: __EH_prolog.LIBCMT ref: 00403364

Part of subcall function 004034CC: __EH_prolog.LIBCMT ref: 004034D1

Part of subcall function 00403086: __EH_prolog.LIBCMT ref: 0040308B
Part of subcall function 00403086: ShowWindow.USER32(004149B4,00000001,000001F4,00000000,?,?,00000000,00000003,00000000,00000000), ref: 004030E4

Part of subcall function 00412FB0: CloseHandle.KERNEL32(00000000,00000000,0040301E,?,?,00000000,00000003,?,00000000,?,?,00000003,00000000,00000000), ref: 00412FBA
Part of subcall function 00412FB0: GetLastError.KERNEL32(?,00000003,00000000,00000000), ref: 00412FC4

Memory Dump Source

Source File: 00000005.00000002.2137928807.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.2137896930.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137957057.000000000041B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137990366.0000000000420000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138014805.0000000000422000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138053805.0000000000423000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138119487.0000000000427000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_BA002.jbxd

Similarity

API ID: H_prolog$CloseErrorHandleLastShowWindow
String ID:
API String ID: 2740091781-0
Opcode ID: 2da83f7b0348b558eb037d8fcbbe5e82633db5724e115f0790e5db2222500163
Instruction ID: 576321bfec054c9ee934bf83a6d4a944d332aa9064831fab6676e01313dc7821
Opcode Fuzzy Hash: 2da83f7b0348b558eb037d8fcbbe5e82633db5724e115f0790e5db2222500163
Instruction Fuzzy Hash: FF419C71900248DBCB11EFA5C991AEDBBB4AF04304F1080BFE90AB72D2DA785B45CB59

Function 0040C557 Relevance: 1.6, APIs: 1, Instructions: 96COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0040C55C

Memory Dump Source

Source File: 00000005.00000002.2137928807.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.2137896930.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137957057.000000000041B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137990366.0000000000420000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138014805.0000000000422000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138053805.0000000000423000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138119487.0000000000427000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_BA002.jbxd

Similarity

API ID: H_prolog
String ID:
API String ID: 3519838083-0
Opcode ID: 039900a8d840d8f65cf18cf377fd5bff5d9e595a8fad608146d0eb9be483e555
Instruction ID: 41554ca9dc53ee1e5d6d797d633c48513fe02739bc2a4d97afccdd4c6a3ff44e
Opcode Fuzzy Hash: 039900a8d840d8f65cf18cf377fd5bff5d9e595a8fad608146d0eb9be483e555
Instruction Fuzzy Hash: 89416C71A00645DFCB24CF68C48486ABBF1FF48314B244AAED096AB791C731ED46CF91

Function 0040CF82 Relevance: 1.6, APIs: 1, Instructions: 89COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0040CF87

Part of subcall function 0040F6E0: __EH_prolog.LIBCMT ref: 0040F6E5

Part of subcall function 0040D0A6: __EH_prolog.LIBCMT ref: 0040D0AB

Memory Dump Source

Source File: 00000005.00000002.2137928807.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.2137896930.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137957057.000000000041B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137990366.0000000000420000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138014805.0000000000422000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138053805.0000000000423000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138119487.0000000000427000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_BA002.jbxd

Similarity

API ID: H_prolog
String ID:
API String ID: 3519838083-0
Opcode ID: 247e6e783af1532b670e604df5ee4666ee67329ca8b2db34e45a1f618534d241
Instruction ID: 59bb91874275df73172cd70bf395014d1b371f9bee4586dc4e729df687399cc5
Opcode Fuzzy Hash: 247e6e783af1532b670e604df5ee4666ee67329ca8b2db34e45a1f618534d241
Instruction Fuzzy Hash: 87319630D01248DFCB11DFA9C548BEDBBB5AF15308F14406EE8457B381C7789A49DB66

Function 00404C7B Relevance: 1.6, APIs: 1, Instructions: 88COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00404C80

Part of subcall function 0040538E: __EH_prolog.LIBCMT ref: 00405393

Part of subcall function 00404D9D: __EH_prolog.LIBCMT ref: 00404DA2

Memory Dump Source

Source File: 00000005.00000002.2137928807.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.2137896930.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137957057.000000000041B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137990366.0000000000420000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138014805.0000000000422000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138053805.0000000000423000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138119487.0000000000427000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_BA002.jbxd

Similarity

API ID: H_prolog
String ID:
API String ID: 3519838083-0
Opcode ID: 6dc72206bd245cafb2647911a64ba6ec257f94c4ecccb129c79ed8e8911a3498
Instruction ID: 0660a226a4e50fecb0653b81f11b46c6c2fd203e4307a3c605ba457459dc5c86
Opcode Fuzzy Hash: 6dc72206bd245cafb2647911a64ba6ec257f94c4ecccb129c79ed8e8911a3498
Instruction Fuzzy Hash: C1318F75900208AADF05FBB5E8426EEBB75AF81318F10403FE452332D2DA781B46DE59

Function 004061BF Relevance: 1.6, APIs: 1, Instructions: 83COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 004061C4

Memory Dump Source

Source File: 00000005.00000002.2137928807.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.2137896930.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137957057.000000000041B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137990366.0000000000420000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138014805.0000000000422000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138053805.0000000000423000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138119487.0000000000427000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_BA002.jbxd

Similarity

API ID: H_prolog
String ID:
API String ID: 3519838083-0
Opcode ID: 0a32dfb97eb38f68acb4646e97dd4d13ceed46f781b2d933bb6fe13a2a73ca49
Instruction ID: a24cbab5944e5cd80d4d0b45cab95027a2511e7323fd1c0fe5e5f9bfcab47c11
Opcode Fuzzy Hash: 0a32dfb97eb38f68acb4646e97dd4d13ceed46f781b2d933bb6fe13a2a73ca49
Instruction Fuzzy Hash: 97218F71A05246DBCB24FFA5C44046FB7A1AB4130472285BFE053772C1C738AE61CB6A

Function 00413C73 Relevance: 1.6, APIs: 1, Instructions: 80memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000000,-0000000F,00000000,?,00000000,00000000,00000000), ref: 00413D5A

Part of subcall function 004154DA: InitializeCriticalSection.KERNEL32(00000000,00000000,?,?,00416D82,00000009,00000000,00000000,00000001,00415318,00000001,00000074,?,?,00000000,00000001), ref: 00415517
Part of subcall function 004154DA: EnterCriticalSection.KERNEL32(?,?,?,00416D82,00000009,00000000,00000000,00000001,00415318,00000001,00000074,?,?,00000000,00000001), ref: 00415532

Memory Dump Source

Source File: 00000005.00000002.2137928807.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.2137896930.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137957057.000000000041B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137990366.0000000000420000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138014805.0000000000422000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138053805.0000000000423000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138119487.0000000000427000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_BA002.jbxd

Similarity

API ID: CriticalSection$AllocateEnterHeapInitialize
String ID:
API String ID: 1616793339-0
Opcode ID: cdeed90e400f99c9328ec8b59033d7a90e074e0a5ab5361bfbc3574a04fde8a1
Instruction ID: 026ee179866774db734838c78619ddc809868a86b22b68076f663e2312d1f49b
Opcode Fuzzy Hash: cdeed90e400f99c9328ec8b59033d7a90e074e0a5ab5361bfbc3574a04fde8a1
Instruction Fuzzy Hash: D4219772A00605EBDB10DF69EC42BDA7764FB00765F20411BF421EB6D0D77CAAC28A9C

Function 00413D6F Relevance: 1.6, APIs: 1, Instructions: 75memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlFreeHeap.NTDLL(00000000,00000000,00000000,?,00000000,?,00416D82,00000009,00000000,00000000,00000001,00415318,00000001,00000074), ref: 00413E43

Part of subcall function 004154DA: InitializeCriticalSection.KERNEL32(00000000,00000000,?,?,00416D82,00000009,00000000,00000000,00000001,00415318,00000001,00000074,?,?,00000000,00000001), ref: 00415517
Part of subcall function 004154DA: EnterCriticalSection.KERNEL32(?,?,?,00416D82,00000009,00000000,00000000,00000001,00415318,00000001,00000074,?,?,00000000,00000001), ref: 00415532

Memory Dump Source

Source File: 00000005.00000002.2137928807.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.2137896930.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137957057.000000000041B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137990366.0000000000420000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138014805.0000000000422000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138053805.0000000000423000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138119487.0000000000427000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_BA002.jbxd

Similarity

API ID: CriticalSection$EnterFreeHeapInitialize
String ID:
API String ID: 641406236-0
Opcode ID: 841176424f551508ca039d1f5d574a0052902f767b8dc575c65ddda1a9f22b4e
Instruction ID: 5a14261a50f2f4ae8fe925cd7ff68077a924e970bbdc1eb83d0c2eed9fb11c58
Opcode Fuzzy Hash: 841176424f551508ca039d1f5d574a0052902f767b8dc575c65ddda1a9f22b4e
Instruction Fuzzy Hash: 2421C272901705FADB10AF96DC02BDE7BB8EB04725F24012BF414B21C0D77C9AC08AA9

Function 004052CF Relevance: 1.6, APIs: 1, Instructions: 58COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 004052D4

Part of subcall function 004050EE: __EH_prolog.LIBCMT ref: 004050F3
Part of subcall function 004050EE: GetTempPathA.KERNEL32(00000105,?,00000000,?,00000000), ref: 00405127

Memory Dump Source

Source File: 00000005.00000002.2137928807.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.2137896930.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137957057.000000000041B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137990366.0000000000420000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138014805.0000000000422000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138053805.0000000000423000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138119487.0000000000427000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_BA002.jbxd

Similarity

API ID: H_prolog$PathTemp
String ID:
API String ID: 3652545363-0
Opcode ID: 1ef5fa40e20091595c8a07c7add8e04f0ea87ba7b14c6b9ab7bd2a47fc7370d7
Instruction ID: 884fa5787797a708672a5e156f09df22a5f972d3b51e26f7068c24b8b673b68a
Opcode Fuzzy Hash: 1ef5fa40e20091595c8a07c7add8e04f0ea87ba7b14c6b9ab7bd2a47fc7370d7
Instruction Fuzzy Hash: 5211A3759401059ACF00EFA5C552AEFBBB8EF95348F14402FE841732D1C7B90A49DE54

Function 00409DFC Relevance: 1.6, APIs: 1, Instructions: 51COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00409E01

Part of subcall function 004099F1: __EH_prolog.LIBCMT ref: 004099F6

Part of subcall function 00409A39: __EH_prolog.LIBCMT ref: 00409A3E

Memory Dump Source

Source File: 00000005.00000002.2137928807.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.2137896930.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137957057.000000000041B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137990366.0000000000420000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138014805.0000000000422000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138053805.0000000000423000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138119487.0000000000427000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_BA002.jbxd

Similarity

API ID: H_prolog
String ID:
API String ID: 3519838083-0
Opcode ID: e2be988a2ed4eac1d18d94ffb3dcbee280352d40f72ce7d9b7b55f505c73744e
Instruction ID: 728224cdcdeea9a50de84ff331f734dd83e0a6071a74e90d77f9a4778d081c57
Opcode Fuzzy Hash: e2be988a2ed4eac1d18d94ffb3dcbee280352d40f72ce7d9b7b55f505c73744e
Instruction Fuzzy Hash: 931182B0A01254DADB09EBAAC1153DDFBF59FA1318F54415F9552732C2CBF82B0487A6

Function 00409070 Relevance: 1.5, APIs: 1, Instructions: 47COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00409075

Part of subcall function 00402635: __EH_prolog.LIBCMT ref: 0040263A

Part of subcall function 00405620: __EH_prolog.LIBCMT ref: 00405625

Part of subcall function 00413B0D: RaiseException.KERNEL32(00000003,00000000,00000003,?,00000003,?,00000003,00000000,00000000,00401055,00000003,?,00000000), ref: 00413B3B

Memory Dump Source

Source File: 00000005.00000002.2137928807.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.2137896930.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137957057.000000000041B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137990366.0000000000420000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138014805.0000000000422000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138053805.0000000000423000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138119487.0000000000427000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_BA002.jbxd

Similarity

API ID: H_prolog$ExceptionRaise
String ID:
API String ID: 2062786585-0
Opcode ID: 17dae63e629c91cb1e915b62325b494edd8ae92648c1e9e6482c4593510b450f
Instruction ID: c87fc69b1ce411278b5c4cd36917e57d7785db396d8ca4da128de4c157d2198f
Opcode Fuzzy Hash: 17dae63e629c91cb1e915b62325b494edd8ae92648c1e9e6482c4593510b450f
Instruction Fuzzy Hash: 1601D2B5A402049ECB10EF26C451ADEBBB1FF84314F10852FE896A32E1CB796649CB54

Function 00404D9D Relevance: 1.5, APIs: 1, Instructions: 41COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00404DA2

Part of subcall function 00402635: __EH_prolog.LIBCMT ref: 0040263A

Part of subcall function 00404C7B: __EH_prolog.LIBCMT ref: 00404C80

Memory Dump Source

Source File: 00000005.00000002.2137928807.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.2137896930.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137957057.000000000041B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137990366.0000000000420000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138014805.0000000000422000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138053805.0000000000423000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138119487.0000000000427000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_BA002.jbxd

Similarity

API ID: H_prolog
String ID:
API String ID: 3519838083-0
Opcode ID: 18405f4c0d880bec3e922aa4c9b5ff5099531c36fa8d11a3d65d4747df157ff4
Instruction ID: c12cd56ed1da6f8f3309a170c4af404c99ee060c25f5595f7f47df5e0c6ff15a
Opcode Fuzzy Hash: 18405f4c0d880bec3e922aa4c9b5ff5099531c36fa8d11a3d65d4747df157ff4
Instruction Fuzzy Hash: 8701F2B2904004DFCB09EF54D952BEDBB70AF59308F00402EE102772E2CB794B4ADA58

Function 004027A7 Relevance: 1.5, APIs: 1, Instructions: 35COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 004027AC

Part of subcall function 004049F4: CreateDirectoryA.KERNEL32(?,00000000,00000000,00000000,?,00000000,?,?,00405334,?,00000000,?,00000003), ref: 00404A13

Memory Dump Source

Source File: 00000005.00000002.2137928807.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.2137896930.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137957057.000000000041B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137990366.0000000000420000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138014805.0000000000422000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138053805.0000000000423000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138119487.0000000000427000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_BA002.jbxd

Similarity

API ID: CreateDirectoryH_prolog
String ID:
API String ID: 3554458247-0
Opcode ID: 1d6ed87279fcce4dfaa36ce39d8da3d177537eb6a1ece7d61f11b0fb4062048b
Instruction ID: aa96bd448e9fa33173a2259148c0e22656dcd3e9b7c7d25cba760d9f6e75f00f
Opcode Fuzzy Hash: 1d6ed87279fcce4dfaa36ce39d8da3d177537eb6a1ece7d61f11b0fb4062048b
Instruction Fuzzy Hash: 55F03C729005069BCB05EB5AC8429EEBBB5EF94308F10403FE152775E2DA786986DB94

Function 00406297 Relevance: 1.5, APIs: 1, Instructions: 29COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0040629C

Part of subcall function 004061BF: __EH_prolog.LIBCMT ref: 004061C4

Memory Dump Source

Source File: 00000005.00000002.2137928807.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.2137896930.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137957057.000000000041B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137990366.0000000000420000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138014805.0000000000422000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138053805.0000000000423000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138119487.0000000000427000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_BA002.jbxd

Similarity

API ID: H_prolog
String ID:
API String ID: 3519838083-0
Opcode ID: 6c2e6a82ad44a3596cf000a5615c5b739901b0aaac1cec813de11ba17f646bcd
Instruction ID: d002f29cd99a7d9c36b9a014c837f136803fcb54798139eb5382dd41199f51d8
Opcode Fuzzy Hash: 6c2e6a82ad44a3596cf000a5615c5b739901b0aaac1cec813de11ba17f646bcd
Instruction Fuzzy Hash: 2BF03A72A00218EFDB15DF94CC01BEEB779FB48315F10816AB422E72D0C7798A10CB14

Function 0040C96C Relevance: 1.5, APIs: 1, Instructions: 29COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0040C971

Part of subcall function 0040C9E3: __EH_prolog.LIBCMT ref: 0040C9E8

Memory Dump Source

Source File: 00000005.00000002.2137928807.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.2137896930.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137957057.000000000041B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137990366.0000000000420000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138014805.0000000000422000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138053805.0000000000423000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138119487.0000000000427000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_BA002.jbxd

Similarity

API ID: H_prolog
String ID:
API String ID: 3519838083-0
Opcode ID: 97d13476a1578dbbb8b7321e23e8bd518515a52fd3c7649a69e8943f484a5e8b
Instruction ID: 180fbe891bab88941c19a906eef3a01802dada044b7360aafa1ebd8752043cfb
Opcode Fuzzy Hash: 97d13476a1578dbbb8b7321e23e8bd518515a52fd3c7649a69e8943f484a5e8b
Instruction Fuzzy Hash: 66F0FCB0911640DEC719EB74D1153DDFBB4AF55308F50419E9956736C2CFB81708C765

Function 00405BFB Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON

Download Yara Rule

APIs

SysAllocString.OLEAUT32(?), ref: 00405C13

Part of subcall function 00413B0D: RaiseException.KERNEL32(00000003,00000000,00000003,?,00000003,?,00000003,00000000,00000000,00401055,00000003,?,00000000), ref: 00413B3B

Memory Dump Source

Source File: 00000005.00000002.2137928807.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.2137896930.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137957057.000000000041B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137990366.0000000000420000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138014805.0000000000422000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138053805.0000000000423000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138119487.0000000000427000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_BA002.jbxd

Similarity

API ID: AllocExceptionRaiseString
String ID:
API String ID: 1415472724-0
Opcode ID: 585828f0663470c28d012fa7c31560623ec32af21cf032640c5ea50ac41654d0
Instruction ID: bf266c775eafc0cd132ea201270a7534faa964ceb55315cc87c56e89072e7831
Opcode Fuzzy Hash: 585828f0663470c28d012fa7c31560623ec32af21cf032640c5ea50ac41654d0
Instruction Fuzzy Hash: B7E06D32200708A7CB20AF65D84198B7BE8FF00385B10C43FF949DA240E779E9808BD8

Function 00405800 Relevance: 1.5, APIs: 1, Instructions: 23COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00405805

Part of subcall function 00405620: __EH_prolog.LIBCMT ref: 00405625

Memory Dump Source

Source File: 00000005.00000002.2137928807.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.2137896930.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137957057.000000000041B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137990366.0000000000420000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138014805.0000000000422000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138053805.0000000000423000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138119487.0000000000427000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_BA002.jbxd

Similarity

API ID: H_prolog
String ID:
API String ID: 3519838083-0
Opcode ID: d031f65d966fd76414b5e485b8cf5b0e5999cd66b44c505832369a9b765ef076
Instruction ID: a0f610f1b5e032532ed1cec3649959bf66a41b4e8af70f58d5593db508bcf515
Opcode Fuzzy Hash: d031f65d966fd76414b5e485b8cf5b0e5999cd66b44c505832369a9b765ef076
Instruction Fuzzy Hash: 46E04FB3D410049ACB05EB65E9527EDB378EF61319F50407FE412735D18B381F09CA58

Function 00405B29 Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON

Download Yara Rule

APIs

WriteFile.KERNELBASE(?,?,?,?,00000000), ref: 00405B4C

Memory Dump Source

Source File: 00000005.00000002.2137928807.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.2137896930.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137957057.000000000041B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137990366.0000000000420000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138014805.0000000000422000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138053805.0000000000423000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138119487.0000000000427000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_BA002.jbxd

Similarity

API ID: FileWrite
String ID:
API String ID: 3934441357-0
Opcode ID: f685ec6030a7cae57bc9182c2f64f11e19c4f82e6ad9756b6e5eb0af141a467c
Instruction ID: fda623b9c22c7fd134ddab0a411968f0e63156441233f4ee367e8c40c556ab77
Opcode Fuzzy Hash: f685ec6030a7cae57bc9182c2f64f11e19c4f82e6ad9756b6e5eb0af141a467c
Instruction Fuzzy Hash: 17E0E575640208FBCB11CFA5C801B8E7BF9EB08354F20C169F914AA260D739EA11DF54

Function 0040C931 Relevance: 1.5, APIs: 1, Instructions: 21COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0040C936

Part of subcall function 0040C96C: __EH_prolog.LIBCMT ref: 0040C971

Memory Dump Source

Source File: 00000005.00000002.2137928807.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.2137896930.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137957057.000000000041B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137990366.0000000000420000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138014805.0000000000422000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138053805.0000000000423000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138119487.0000000000427000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_BA002.jbxd

Similarity

API ID: H_prolog
String ID:
API String ID: 3519838083-0
Opcode ID: 2f93a48584fc243b76bceec8380402125645ced17a7c1bf7a60211c0ce45116c
Instruction ID: 8adf79bcf0a25fb823e60414124b99f072840e3085735b9c49c9779a3d641231
Opcode Fuzzy Hash: 2f93a48584fc243b76bceec8380402125645ced17a7c1bf7a60211c0ce45116c
Instruction Fuzzy Hash: 6EE01A71811620EBC724EF58C4456DEB7B4EF08725F00875EA4E6B36D1C7B8AE40CB94

Function 004147B4 Relevance: 1.5, APIs: 1, Instructions: 20threadCOMMON

Download Yara Rule

APIs

ExitThread.KERNEL32 ref: 004147E9

Memory Dump Source

Source File: 00000005.00000002.2137928807.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.2137896930.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137957057.000000000041B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137990366.0000000000420000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138014805.0000000000422000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138053805.0000000000423000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138119487.0000000000427000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_BA002.jbxd

Similarity

API ID: ExitThread
String ID:
API String ID: 2158977761-0
Opcode ID: 6c939c18724e7789034020813005a1b29b75e21fb5f5d6c1b381c2503cc8d902
Instruction ID: 835638d51d7e690d80ddf8f11569568d1c7a5f433119f1d0283a2071334468ba
Opcode Fuzzy Hash: 6c939c18724e7789034020813005a1b29b75e21fb5f5d6c1b381c2503cc8d902
Instruction Fuzzy Hash: CDE08C32900925AADB223BA1DC06AEE3620AF81394F00002BF8146A5A0DBA88CD186D9

Function 0040F6E0 Relevance: 1.5, APIs: 1, Instructions: 18COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0040F6E5

Part of subcall function 0040F449: __EH_prolog.LIBCMT ref: 0040F44E

Memory Dump Source

Source File: 00000005.00000002.2137928807.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.2137896930.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137957057.000000000041B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137990366.0000000000420000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138014805.0000000000422000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138053805.0000000000423000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138119487.0000000000427000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_BA002.jbxd

Similarity

API ID: H_prolog
String ID:
API String ID: 3519838083-0
Opcode ID: 0c00a6b9b995e6d122d0d1e5645fdc19a4d57d2469026a55dc4bfd6035115874
Instruction ID: 32d4a89d334c2aba7f1f5d27adfa0c04a02a885b7174eb98eed18e47b0b867f7
Opcode Fuzzy Hash: 0c00a6b9b995e6d122d0d1e5645fdc19a4d57d2469026a55dc4bfd6035115874
Instruction Fuzzy Hash: 1DD012B2515104FBD7109F45D842BDEBBB8EB51369F10813BF00171540D37D5644966A

Function 00405A1D Relevance: 1.5, APIs: 1, Instructions: 18fileCOMMON

Download Yara Rule

APIs

ReadFile.KERNELBASE(000000FF,00000000,?,?,00000000,000000FF,?,00405A68,00000000,?,00000000,?,00405A8E,00000000,?,00000000), ref: 00405A33

Memory Dump Source

Source File: 00000005.00000002.2137928807.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.2137896930.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137957057.000000000041B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137990366.0000000000420000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138014805.0000000000422000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138053805.0000000000423000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138119487.0000000000427000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_BA002.jbxd

Similarity

API ID: FileRead
String ID:
API String ID: 2738559852-0
Opcode ID: 7899785fd51540d5028ce756fcdedcbfaef9db2fe3ec3db1f53401f618f66a8a
Instruction ID: 33e006b7c7266c94de2827aaddd493f3c8d551b448fa911b85e4ce9a1db514e9
Opcode Fuzzy Hash: 7899785fd51540d5028ce756fcdedcbfaef9db2fe3ec3db1f53401f618f66a8a
Instruction Fuzzy Hash: A4E0EC75200208FBCB01CF91CC05FCE7BB9FB49754F208058E90596160C375AA14EB54

Function 004147BF Relevance: 1.5, APIs: 1, Instructions: 17threadCOMMON

Download Yara Rule

APIs

ExitThread.KERNEL32 ref: 004147E9

Memory Dump Source

Source File: 00000005.00000002.2137928807.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.2137896930.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137957057.000000000041B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137990366.0000000000420000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138014805.0000000000422000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138053805.0000000000423000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138119487.0000000000427000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_BA002.jbxd

Similarity

API ID: ExitThread
String ID:
API String ID: 2158977761-0
Opcode ID: 24773d02a99502e401f88b35345ffc50176b794b148236fecf9e645f2ac90187
Instruction ID: b4e95b568d212fcbc8e7df7edbfd3446e029e3f46d4ca6baaecf21535c38ed65
Opcode Fuzzy Hash: 24773d02a99502e401f88b35345ffc50176b794b148236fecf9e645f2ac90187
Instruction Fuzzy Hash: 2AD0A732600E25AAD6223771DC467EF2244AF81795B04012BF818895A0DFA8CDC145DD

Function 00405414 Relevance: 1.5, APIs: 1, Instructions: 16COMMON

Download Yara Rule

APIs

FindClose.KERNELBASE(?,000000FF,00405445,000000FF), ref: 0040541F

Memory Dump Source

Source File: 00000005.00000002.2137928807.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.2137896930.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137957057.000000000041B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137990366.0000000000420000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138014805.0000000000422000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138053805.0000000000423000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138119487.0000000000427000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_BA002.jbxd

Similarity

API ID: CloseFind
String ID:
API String ID: 1863332320-0
Opcode ID: f0ce2bef5821c107b9489e8e4dd061de71a9af92eaf728c2451e2811c290832d
Instruction ID: ad963fc5273d8b9d86916b47fb17bcd605870b12c06d71a74b716dd917e87850
Opcode Fuzzy Hash: f0ce2bef5821c107b9489e8e4dd061de71a9af92eaf728c2451e2811c290832d
Instruction Fuzzy Hash: D4D0123151453157CA641E7C7848AD333D99A1637537157AAF4B4D32E0D3749CC34A98

Function 00405905 Relevance: 1.5, APIs: 1, Instructions: 16COMMON

Download Yara Rule

APIs

FindCloseChangeNotification.KERNELBASE(00000000,000000FF,004058A0,?,?,00000000), ref: 00405910

Memory Dump Source

Source File: 00000005.00000002.2137928807.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.2137896930.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137957057.000000000041B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137990366.0000000000420000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138014805.0000000000422000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138053805.0000000000423000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138119487.0000000000427000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_BA002.jbxd

Similarity

API ID: ChangeCloseFindNotification
String ID:
API String ID: 2591292051-0
Opcode ID: 9cbe10086181c6cf337a739c26a2519d1510d6718cc7d35307e3d92904545fb4
Instruction ID: c924a9121967eb2c43d42ee71539138ee39fbcc7c8c6d5ba34c486a20a6e0004
Opcode Fuzzy Hash: 9cbe10086181c6cf337a739c26a2519d1510d6718cc7d35307e3d92904545fb4
Instruction Fuzzy Hash: 93D0127151456197CE742E7C78445C337D8DA463303311B6BF4B0D32E0D3748D835A98

Function 00405AFC Relevance: 1.5, APIs: 1, Instructions: 9timeCOMMON

Download Yara Rule

APIs

SetFileTime.KERNELBASE(?,?,?,?,00405B26,00000000,00000000,?,00402E13,?), ref: 00405B0A

Memory Dump Source

Source File: 00000005.00000002.2137928807.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.2137896930.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137957057.000000000041B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137990366.0000000000420000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138014805.0000000000422000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138053805.0000000000423000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138119487.0000000000427000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_BA002.jbxd

Similarity

API ID: FileTime
String ID:
API String ID: 1425588814-0
Opcode ID: 2b6a10e293fa4a8bd52839064a41e39e160aca85d3804aec240939be71bd967c
Instruction ID: 4beff7ba357006865f39a04876becaa9faf69e640e246345c6c1d8862761ec95
Opcode Fuzzy Hash: 2b6a10e293fa4a8bd52839064a41e39e160aca85d3804aec240939be71bd967c
Instruction Fuzzy Hash: 29C04C36159106FF8F120F70CC04D1ABFA2EF99311F10C958B165C5070C7328024EB52

Function 00406F81 Relevance: 1.3, APIs: 1, Instructions: 31COMMON

Download Yara Rule

APIs

LeaveCriticalSection.KERNEL32(?,?,?,?), ref: 00406FB2

Memory Dump Source

Source File: 00000005.00000002.2137928807.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.2137896930.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137957057.000000000041B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137990366.0000000000420000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138014805.0000000000422000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138053805.0000000000423000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138119487.0000000000427000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_BA002.jbxd

Similarity

API ID: CriticalLeaveSection
String ID:
API String ID: 3988221542-0
Opcode ID: f2ff9836336f67d9ff12deaf62cc92e2eac5b33916cf9d308384194b51d8e0a8
Instruction ID: f67714d9ecc1d8948c13ee62ab2841b601ff43f092b08abc37504173b9cf6405
Opcode Fuzzy Hash: f2ff9836336f67d9ff12deaf62cc92e2eac5b33916cf9d308384194b51d8e0a8
Instruction Fuzzy Hash: B7F0BE32A001459FCF119FA0D80898ABF65EF55314B0184ABF9169B251C338C820DF60

Function 00412FF0 Relevance: 1.3, APIs: 1, Instructions: 23COMMON

Download Yara Rule

APIs

Part of subcall function 0041468E: CreateThread.KERNELBASE(00000000,00000003,004146F9,00000000,00000000,?), ref: 004146CF
Part of subcall function 0041468E: GetLastError.KERNEL32(?,?,?,00413009,00000000,00000000,004032CA,?,00000000,00000000,?,00402FAB,?,00000000,?), ref: 004146D9

GetLastError.KERNEL32(?,?,00000003,00000000,00000000), ref: 00413018

Memory Dump Source

Source File: 00000005.00000002.2137928807.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.2137896930.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137957057.000000000041B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137990366.0000000000420000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138014805.0000000000422000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138053805.0000000000423000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138119487.0000000000427000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_BA002.jbxd

Similarity

API ID: ErrorLast$CreateThread
String ID:
API String ID: 665435222-0
Opcode ID: fdfffcc17890bcc66e85f81167f5a4f4e376ab203a2f001e3d39f9f51099ce04
Instruction ID: 8241f09584fde1b7b47d6c8a5a56a0c389c2bf5d01a37efb599b640c9bda9e89
Opcode Fuzzy Hash: fdfffcc17890bcc66e85f81167f5a4f4e376ab203a2f001e3d39f9f51099ce04
Instruction Fuzzy Hash: 4EE086B22042126AE310DF509C05FE76ADCDB94B05F00443EB944C6184EB64CA40C3A9

Function 00410F40 Relevance: 1.3, APIs: 1, Instructions: 10memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000,00020000,00001000,00000004,004103C8), ref: 00410F51

Memory Dump Source

Source File: 00000005.00000002.2137928807.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.2137896930.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137957057.000000000041B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137990366.0000000000420000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138014805.0000000000422000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138053805.0000000000423000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138119487.0000000000427000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_BA002.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 91e70fcb83806e64083a323eb2e3944731c0f93bc5a264736d7e7e867113384b
Instruction ID: 07720a170ef6d50c918e2da5ca2fe5f7ddfb2e687cae5d42b3df39ad5892c3a5
Opcode Fuzzy Hash: 91e70fcb83806e64083a323eb2e3944731c0f93bc5a264736d7e7e867113384b
Instruction Fuzzy Hash: DDB012B039138075FF7843208C1FFE71200A340B87F0080A8BB05D81C4E7D064C0501C

Function 00410F60 Relevance: 1.3, APIs: 1, Instructions: 7COMMON

Download Yara Rule

APIs

VirtualFree.KERNELBASE(?,00000000,00008000,0040664A,?,00406624), ref: 00410F6C

Memory Dump Source

Source File: 00000005.00000002.2137928807.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.2137896930.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137957057.000000000041B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137990366.0000000000420000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138014805.0000000000422000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138053805.0000000000423000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138119487.0000000000427000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_BA002.jbxd

Similarity

API ID: FreeVirtual
String ID:
API String ID: 1263568516-0
Opcode ID: 1327e01bd96d07ee7a5a75ed87afd8ac78764046635013dfe708143c48cadece
Instruction ID: a132bef15ba7b425f1065e5a097c2bb543b957559febc4b94616fea76008790a
Opcode Fuzzy Hash: 1327e01bd96d07ee7a5a75ed87afd8ac78764046635013dfe708143c48cadece
Instruction Fuzzy Hash: 3BB0123424120031ED7807200C1AB5711005701701F10C1183102642C087D4B440450C

Non-executed Functions

Function 004180F0 Relevance: 14.0, APIs: 4, Strings: 4, Instructions: 50libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(user32.dll,?,00000000,00000000,0041772A,?,Microsoft Visual C++ Runtime Library,00012010,?,0041BD34,?,0041BD84,?,?,?,Runtime Error!Program: ), ref: 00418102
GetProcAddress.KERNEL32(00000000,MessageBoxA), ref: 0041811A
GetProcAddress.KERNEL32(00000000,GetActiveWindow), ref: 0041812B
GetProcAddress.KERNEL32(00000000,GetLastActivePopup), ref: 00418138

Strings

MessageBoxA, xrefs: 00418114
user32.dll, xrefs: 004180FD
GetActiveWindow, xrefs: 00418125
GetLastActivePopup, xrefs: 0041812D

Memory Dump Source

Source File: 00000005.00000002.2137928807.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.2137896930.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137957057.000000000041B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137990366.0000000000420000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138014805.0000000000422000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138053805.0000000000423000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138119487.0000000000427000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_BA002.jbxd

Similarity

API ID: AddressProc$LibraryLoad
String ID: GetActiveWindow$GetLastActivePopup$MessageBoxA$user32.dll
API String ID: 2238633743-4044615076
Opcode ID: 595171f737e70550edc5abd38f068ead7bf618b78638dd3ba3c6e0fb0d2712e4
Instruction ID: 415fa372477fd235fe75ca2ef0ffa9dc0df8c28a9075a0eab2fce08d3bc4b09a
Opcode Fuzzy Hash: 595171f737e70550edc5abd38f068ead7bf618b78638dd3ba3c6e0fb0d2712e4
Instruction Fuzzy Hash: F5012572700241BF87219FB5AD849DBBAE9EB49751354443FB504C2220DB7CC9C39B69

Function 0040E38E Relevance: 1.7, APIs: 1, Instructions: 246COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0040E393

Memory Dump Source

Source File: 00000005.00000002.2137928807.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.2137896930.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137957057.000000000041B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137990366.0000000000420000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138014805.0000000000422000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138053805.0000000000423000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138119487.0000000000427000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_BA002.jbxd

Similarity

API ID: H_prolog
String ID:
API String ID: 3519838083-0
Opcode ID: ef3f0dd97c369c2370b5d413364e2112772f158c67037ae1847bc74799d93c78
Instruction ID: 6f1b27b05ce828494dcdc0ca2a3df983f9883c238a6bb878f092976797e95433
Opcode Fuzzy Hash: ef3f0dd97c369c2370b5d413364e2112772f158c67037ae1847bc74799d93c78
Instruction Fuzzy Hash: 68A1EB70E002099BCB18DF96C8919AEB7B2FF94318F14883FE915A7391D738AD52CB55

Function 0041561A Relevance: 1.5, APIs: 1, Instructions: 4COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32(Function_000155D4), ref: 0041561F

Memory Dump Source

Source File: 00000005.00000002.2137928807.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.2137896930.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137957057.000000000041B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137990366.0000000000420000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138014805.0000000000422000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138053805.0000000000423000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138119487.0000000000427000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_BA002.jbxd

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: c73d5215fbd9f9fa44ce3c8db65af6300706d886bcb472667e49ab47f89b2735
Instruction ID: 5929198a1c1d143ebb6d47ac1dc9c369120d6613942f0ebcbf50c4dd8c3cbf29
Opcode Fuzzy Hash: c73d5215fbd9f9fa44ce3c8db65af6300706d886bcb472667e49ab47f89b2735
Instruction Fuzzy Hash: 57A001B5A41605DA8A209F60A8095C5BE62A689B42B608166A811E5268DFB812419A69

Function 0041562C Relevance: 1.5, APIs: 1, Instructions: 3COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32 ref: 00415631

Memory Dump Source

Source File: 00000005.00000002.2137928807.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.2137896930.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137957057.000000000041B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137990366.0000000000420000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138014805.0000000000422000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138053805.0000000000423000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138119487.0000000000427000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_BA002.jbxd

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: 80fdf592cfe35f6ca0a49e156fc06359dfcc477da488757324292bdf2a3d88f1
Instruction ID: 3aa75b883a8314cf8793ebdd48d7cbf343a2d53b1036c531b3b3a2656884bc9f
Opcode Fuzzy Hash: 80fdf592cfe35f6ca0a49e156fc06359dfcc477da488757324292bdf2a3d88f1
Instruction Fuzzy Hash:

Function 00412480 Relevance: .5, Instructions: 481COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2137928807.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.2137896930.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137957057.000000000041B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137990366.0000000000420000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138014805.0000000000422000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138053805.0000000000423000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138119487.0000000000427000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_BA002.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 27156ca4970ad7a14cafdd4d0f561c0251ce2efe8b7cb58f4bb8e0a1a151ff8a
Instruction ID: f7c307c9948f0502eef9bcc932476d7ce99f20ff48e31f419bd1d6f291c9dace
Opcode Fuzzy Hash: 27156ca4970ad7a14cafdd4d0f561c0251ce2efe8b7cb58f4bb8e0a1a151ff8a
Instruction Fuzzy Hash: BD023A72A042114BC71DCE18C6902B9BBE2FBD5350F110A3FE496D7A84D7B8D8E5CB99

Function 00416076 Relevance: .3, Instructions: 259COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2137928807.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.2137896930.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137957057.000000000041B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137990366.0000000000420000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138014805.0000000000422000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138053805.0000000000423000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138119487.0000000000427000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_BA002.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fc60ecf50bd115ca0c6ea2745a91e2bccda0b72c85d336beea95e2ba67d1c3a9
Instruction ID: 6f6e9ae2f3605818a2c8e7767e34e4a9399a597c595f09bc79f2493b2d2310b3
Opcode Fuzzy Hash: fc60ecf50bd115ca0c6ea2745a91e2bccda0b72c85d336beea95e2ba67d1c3a9
Instruction Fuzzy Hash: 3EB17C7590120ADFDB15CF04C5D0AE9BBA1FF58318F25C1AEC85A4B382C735EA86CB94

Function 004039C8 Relevance: .1, Instructions: 82COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2137928807.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.2137896930.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137957057.000000000041B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137990366.0000000000420000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138014805.0000000000422000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138053805.0000000000423000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138119487.0000000000427000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_BA002.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8b1b8b3e4e9aa519cc0883e8f2e9399227ae21cf5f78173f93e12a8e0ced7762
Instruction ID: 7f21fa5966f3e8744179bfb474c2758024c7c669c00a9d4920a80f5d7b425c19
Opcode Fuzzy Hash: 8b1b8b3e4e9aa519cc0883e8f2e9399227ae21cf5f78173f93e12a8e0ced7762
Instruction Fuzzy Hash: D621427E370D0607A71C8B6AAD336B921D1E38430A7C8A03DE64BC53C1EE6DD595C60D

Function 00418CC1 Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2137928807.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.2137896930.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137957057.000000000041B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137990366.0000000000420000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138014805.0000000000422000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138053805.0000000000423000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138119487.0000000000427000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_BA002.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a91e830b051fd3563903b3b4c558af91fd9d6843125d3e1887e1db665648e344
Instruction ID: 99a347de7b16eca0cbeab8721e5afb4e5ad46217b84f2e64c48f172e38bf97ef
Opcode Fuzzy Hash: a91e830b051fd3563903b3b4c558af91fd9d6843125d3e1887e1db665648e344
Instruction Fuzzy Hash: 2B21C83290062547C702DE6DF4845A7F391FBD4369F134727ED8467291C629A854D6E0

Function 00418D9B Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2137928807.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.2137896930.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137957057.000000000041B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137990366.0000000000420000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138014805.0000000000422000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138053805.0000000000423000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138119487.0000000000427000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_BA002.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d88b4545622fc2f48369f3988b55fed1d0241348448e0d26e09a3dd7181b3030
Instruction ID: 71e75c779d64757812c6fa0593de5e91038406040dd0a6985e9d44633d38c26d
Opcode Fuzzy Hash: d88b4545622fc2f48369f3988b55fed1d0241348448e0d26e09a3dd7181b3030
Instruction Fuzzy Hash: BC2137725105258BC701DF2DF4886B7B3E1FFD4319F638A3BD8818B1C1CA29D881D694

Function 004185ED Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 177COMMON

Download Yara Rule

APIs

LCMapStringW.KERNEL32(00000000,00000100,0041BE00,00000001,00000000,00000000,74DEE860,004256E4,?,?,?,0041848E,?,?,?,00000000), ref: 0041862F
LCMapStringA.KERNEL32(00000000,00000100,0041BDFC,00000001,00000000,00000000,?,?,0041848E,?,?,?,00000000,00000001), ref: 0041864B
LCMapStringA.KERNEL32(?,?,?,0041848E,?,?,74DEE860,004256E4,?,?,?,0041848E,?,?,?,00000000), ref: 00418694
MultiByteToWideChar.KERNEL32(?,VB,?,0041848E,00000000,00000000,74DEE860,004256E4,?,?,?,0041848E,?,?,?,00000000), ref: 004186CC
MultiByteToWideChar.KERNEL32(00000000,00000001,?,0041848E,?,00000000,?,?,0041848E,?), ref: 00418724
LCMapStringW.KERNEL32(?,?,00000000,00000000,00000000,00000000,?,?,0041848E,?), ref: 0041873A
LCMapStringW.KERNEL32(?,?,?,00000000,?,?,?,?,0041848E,?), ref: 0041876D
LCMapStringW.KERNEL32(?,?,?,?,?,00000000,?,?,0041848E,?), ref: 004187D5

Strings

VB, xrefs: 004186BD, 004186C8

Memory Dump Source

Source File: 00000005.00000002.2137928807.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.2137896930.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137957057.000000000041B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137990366.0000000000420000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138014805.0000000000422000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138053805.0000000000423000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138119487.0000000000427000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_BA002.jbxd

Similarity

API ID: String$ByteCharMultiWide
String ID: VB
API String ID: 352835431-2416070386
Opcode ID: 003663a998c404720e509784b904756e9dc21287fecc91c3ae78f0538cf30181
Instruction ID: 75fdc42d4ca3b2d5695a32d80f34dcfea13c9c9e1b2be43f5f9a41df7731755a
Opcode Fuzzy Hash: 003663a998c404720e509784b904756e9dc21287fecc91c3ae78f0538cf30181
Instruction Fuzzy Hash: A6515F31900609EFCF218F65CC45EEF7FB5FB48754F20412AF925A12A0D7398991DBA9

Function 004172DF Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 132COMMON

Download Yara Rule

APIs

GetEnvironmentStringsW.KERNEL32(?,00000000,?,?,?,?,0041496A), ref: 004172FA
GetEnvironmentStrings.KERNEL32(?,00000000,?,?,?,?,0041496A), ref: 0041730E
GetEnvironmentStringsW.KERNEL32(?,00000000,?,?,?,?,0041496A), ref: 0041733A
WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000001,00000000,00000000,00000000,00000000,?,00000000,?,?,?,?,0041496A), ref: 00417372
WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,?,?,?,?,0041496A), ref: 00417394
FreeEnvironmentStringsW.KERNEL32(00000000,?,00000000,?,?,?,?,0041496A), ref: 004173AD
GetEnvironmentStrings.KERNEL32(?,00000000,?,?,?,?,0041496A), ref: 004173C0
FreeEnvironmentStringsA.KERNEL32(00000000), ref: 004173FE

Strings

jIA, xrefs: 004173A8, 0041739A

Memory Dump Source

Source File: 00000005.00000002.2137928807.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.2137896930.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137957057.000000000041B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137990366.0000000000420000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138014805.0000000000422000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138053805.0000000000423000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138119487.0000000000427000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_BA002.jbxd

Similarity

API ID: EnvironmentStrings$ByteCharFreeMultiWide
String ID: jIA
API String ID: 1823725401-2590053038
Opcode ID: dcd9eacb03994a91aa73d6441958e3731b9086dbddb026e1bfa459d91ea586b1
Instruction ID: 8edd1d2af646b02ed721f394ba4169bf36ee68eca66066dd640126c456dfff16
Opcode Fuzzy Hash: dcd9eacb03994a91aa73d6441958e3731b9086dbddb026e1bfa459d91ea586b1
Instruction Fuzzy Hash: 7631D47250C219AFD7317F689C888FB7ABCE649354715053BFD66C3201E6288CC1E2AD

Function 00417606 Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 100fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleFileNameA.KERNEL32(00000000,?,00000104,?), ref: 00417673
GetStdHandle.KERNEL32(000000F4,0041BD34,00000000,00000000,00000000,?), ref: 00417749
WriteFile.KERNEL32(00000000), ref: 00417750

Strings

<program name unknown>, xrefs: 00417683
Microsoft Visual C++ Runtime Library, xrefs: 0041771F
x*B, xrefs: 00417614
Runtime Error!Program: , xrefs: 004176D9
..., xrefs: 004176C5

Memory Dump Source

Source File: 00000005.00000002.2137928807.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.2137896930.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137957057.000000000041B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137990366.0000000000420000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138014805.0000000000422000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138053805.0000000000423000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138119487.0000000000427000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_BA002.jbxd

Similarity

API ID: File$HandleModuleNameWrite
String ID: ...$<program name unknown>$Microsoft Visual C++ Runtime Library$Runtime Error!Program: $x*B
API String ID: 3784150691-2083536112
Opcode ID: 9f3ee68eedca8c04870b7c4ba6519361572a149120d3a6d5458ca0bba870cf42
Instruction ID: d3223577c50248063a34d8f4d7298abe086d5d3d0ee639c6b3bd3f24b9ad2996
Opcode Fuzzy Hash: 9f3ee68eedca8c04870b7c4ba6519361572a149120d3a6d5458ca0bba870cf42
Instruction Fuzzy Hash: 5931D2726002186FDF20DA60DD46FDA377DEF89304F5005ABF544D6181EB78AAC48B5D

Function 0041883C Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 117COMMON

Download Yara Rule

APIs

GetStringTypeW.KERNEL32(00000001,0041BE00,00000001,?,74DEE860,004256E4,?,?,0041848E,?,?,?,00000000,00000001), ref: 0041887B
GetStringTypeA.KERNEL32(00000000,00000001,0041BDFC,00000001,?,?,0041848E,?,?,?,00000000,00000001), ref: 00418895
GetStringTypeA.KERNEL32(?,?,?,?,0041848E,74DEE860,004256E4,?,?,0041848E,?,?,?,00000000,00000001), ref: 004188C9
MultiByteToWideChar.KERNEL32(?,VB,?,?,00000000,00000000,74DEE860,004256E4,?,?,0041848E,?,?,?,00000000,00000001), ref: 00418901
MultiByteToWideChar.KERNEL32(?,00000001,?,?,?,?,?,?,?,?,0041848E,?), ref: 00418957
GetStringTypeW.KERNEL32(?,?,00000000,0041848E,?,?,?,?,?,?,0041848E,?), ref: 00418969

Strings

VB, xrefs: 004188F2, 004188FD

Memory Dump Source

Source File: 00000005.00000002.2137928807.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.2137896930.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137957057.000000000041B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137990366.0000000000420000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138014805.0000000000422000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138053805.0000000000423000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138119487.0000000000427000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_BA002.jbxd

Similarity

API ID: StringType$ByteCharMultiWide
String ID: VB
API String ID: 3852931651-2416070386
Opcode ID: f366ae1a1c4feb3856e7e49d67d86268e533ee02966d98845c911f14f75699a6
Instruction ID: 0deb4df31157d4fbbd2276260d368b45192e758527c12e7bc8b96f729eb23429
Opcode Fuzzy Hash: f366ae1a1c4feb3856e7e49d67d86268e533ee02966d98845c911f14f75699a6
Instruction Fuzzy Hash: 85418FB2A00209BFCF209F94DC86EEF7F79EB08754F10452AF915D2250C7389991DB99

Function 00417411 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 150COMMON

Download Yara Rule

APIs

GetStartupInfoA.KERNEL32(?), ref: 0041746F
GetFileType.KERNEL32(?,?,00000000), ref: 0041751A
GetStdHandle.KERNEL32(-000000F6,?,00000000), ref: 0041757D
GetFileType.KERNEL32(00000000,?,00000000), ref: 0041758B
SetHandleCount.KERNEL32 ref: 004175C2

Strings

$YB, xrefs: 004174A9

Memory Dump Source

Source File: 00000005.00000002.2137928807.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.2137896930.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137957057.000000000041B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137990366.0000000000420000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138014805.0000000000422000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138053805.0000000000423000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138119487.0000000000427000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_BA002.jbxd

Similarity

API ID: FileHandleType$CountInfoStartup
String ID: $YB
API String ID: 1710529072-867103119
Opcode ID: 0f20f78b1d243ceb825b791af9b59c2038ed572102f9f62c4ccf998fd163e942
Instruction ID: 9157860cf2e7af3a35f89051d0ae9de0bf945cd889ae2d4a6076f2c4651d7c80
Opcode Fuzzy Hash: 0f20f78b1d243ceb825b791af9b59c2038ed572102f9f62c4ccf998fd163e942
Instruction Fuzzy Hash: B75135716086019FC720CF28D8897B63BB1EB05338F64466EC566CB6E0DB38C986C75D

Function 00415680 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 115COMMON

Download Yara Rule

APIs

GetVersionExA.KERNEL32 ref: 0041569F
GetEnvironmentVariableA.KERNEL32(__MSVCRT_HEAP_SELECT,?,00001090), ref: 004156D4
GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 00415734

Strings

__MSVCRT_HEAP_SELECT, xrefs: 004156CF
__GLOBAL_HEAP_SELECTED, xrefs: 0041570E

Memory Dump Source

Source File: 00000005.00000002.2137928807.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.2137896930.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137957057.000000000041B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137990366.0000000000420000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138014805.0000000000422000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138053805.0000000000423000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138119487.0000000000427000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_BA002.jbxd

Similarity

API ID: EnvironmentFileModuleNameVariableVersion
String ID: __GLOBAL_HEAP_SELECTED$__MSVCRT_HEAP_SELECT
API String ID: 1385375860-4131005785
Opcode ID: 352f7edc9f3896d13c070371f2d33d0b51665e116eb32c5a0d287e401f1eefe3
Instruction ID: 6eb182bd46f731c3af8b1d07a07b8df2d0194a1b299ff80343aa6f034c3c884c
Opcode Fuzzy Hash: 352f7edc9f3896d13c070371f2d33d0b51665e116eb32c5a0d287e401f1eefe3
Instruction Fuzzy Hash: 56312671945648EDEB3186706C87BDF3B788B46704F6400DBD199D52C2E6398ECA8B2D

Function 00404908 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 36filetimeCOMMON

Download Yara Rule

APIs

SetLastError.KERNEL32(00000078,.@,00000000,00402AB0,00000000,?,?,?,?), ref: 00404918
CreateFileW.KERNEL32(?,40000000,00000003,00000000,00000003,02000000,00000000,?,.@,00000000,00402AB0,00000000,?,?,?,?), ref: 00404934
SetFileTime.KERNEL32(00000000,00000000,?,?,?,40000000,00000003,00000000,00000003,02000000,00000000,?,.@,00000000,00402AB0,00000000), ref: 0040494B
CloseHandle.KERNEL32(00000000,?,40000000,00000003,00000000,00000003,02000000,00000000,?,.@,00000000,00402AB0,00000000,?,?,?), ref: 00404957

Strings

.@, xrefs: 00404911

Memory Dump Source

Source File: 00000005.00000002.2137928807.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.2137896930.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137957057.000000000041B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137990366.0000000000420000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138014805.0000000000422000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138053805.0000000000423000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138119487.0000000000427000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_BA002.jbxd

Similarity

API ID: File$CloseCreateErrorHandleLastTime
String ID: .@
API String ID: 2291555494-2582305824
Opcode ID: 134b82ee1bee937397c61f831c6e8a998fcbb54d8f51f8998ece3d2421389dbd
Instruction ID: b13e78268552c33248838deebc4f257ca571263cc4fefdaa9dfe176c52576776
Opcode Fuzzy Hash: 134b82ee1bee937397c61f831c6e8a998fcbb54d8f51f8998ece3d2421389dbd
Instruction Fuzzy Hash: 66F0E2B12812107BE2201B74BC48F9B6E5CDBCA715F108135B661A21E0C3284D19D7B8

Function 00403A90 Relevance: 7.6, APIs: 5, Instructions: 57COMMONLIBRARYCODE

Download Yara Rule

APIs

CharUpperW.USER32(00000000,00000000,?,00000000,00000000,?,00403B58), ref: 00403AAB
GetLastError.KERNEL32(?,00000000,00000000,?,00403B58), ref: 00403AB7
WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000001,?,00000004,00000000,00000000,?,00000000,00000000,?,00403B58), ref: 00403AD2
CharUpperA.USER32(?,?,00000000,00000000,?,00403B58), ref: 00403AEB
MultiByteToWideChar.KERNEL32(00000000,00000000,?,00000000,?,00000001,?,00000000,00000000,?,00403B58), ref: 00403AFE

Memory Dump Source

Source File: 00000005.00000002.2137928807.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.2137896930.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137957057.000000000041B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137990366.0000000000420000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138014805.0000000000422000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138053805.0000000000423000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138119487.0000000000427000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_BA002.jbxd

Similarity

API ID: Char$ByteMultiUpperWide$ErrorLast
String ID:
API String ID: 3939315453-0
Opcode ID: 7c2300f256f82e2aee6372cd28c35fbf20af8ddddc15953858da8d33bcd8cfd2
Instruction ID: dd72d820dddc2be4d64e736f5eaa813d5c8cd4bb6d440344005d5656a272e87c
Opcode Fuzzy Hash: 7c2300f256f82e2aee6372cd28c35fbf20af8ddddc15953858da8d33bcd8cfd2
Instruction Fuzzy Hash: D60144B64002187ADB10ABE49C89DEBBE7CEB04259F014472F952E2281E2796E4487A8

Function 004152F3 Relevance: 7.5, APIs: 5, Instructions: 38threadCOMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(00000103,7FFFFFFF,00416CBF,0041798E,00000000,?,?,00000000,00000001), ref: 004152F5
TlsGetValue.KERNEL32(?,?,00000000,00000001), ref: 00415303
SetLastError.KERNEL32(00000000,?,?,00000000,00000001), ref: 0041534F

Part of subcall function 00416CCC: HeapAlloc.KERNEL32(00000008,?,00000000,00000000,00000001,00415318,00000001,00000074,?,?,00000000,00000001), ref: 00416DC2

TlsSetValue.KERNEL32(00000000,?,?,00000000,00000001), ref: 00415327
GetCurrentThreadId.KERNEL32 ref: 00415338

Memory Dump Source

Source File: 00000005.00000002.2137928807.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.2137896930.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137957057.000000000041B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137990366.0000000000420000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138014805.0000000000422000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138053805.0000000000423000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138119487.0000000000427000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_BA002.jbxd

Similarity

API ID: ErrorLastValue$AllocCurrentHeapThread
String ID:
API String ID: 2020098873-0
Opcode ID: 9020ed6c5573c52789434ca8060b3935b73b18465b1892a80f2ba475462c6b54
Instruction ID: c348f308811c55cc6791f5f2c72cac7d5a6c02788d8c3db17f30136ca92006f7
Opcode Fuzzy Hash: 9020ed6c5573c52789434ca8060b3935b73b18465b1892a80f2ba475462c6b54
Instruction Fuzzy Hash: B4F09632600615ABC6312B70AC096DB3A51EB857E1B15413AF951972A0DB78888197DD

Function 0041843D Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 44COMMON

Download Yara Rule

APIs

InterlockedIncrement.KERNEL32(004256E4), ref: 00418463
InterlockedDecrement.KERNEL32(004256E4), ref: 00418478

Strings

VB, xrefs: 0041845C

Memory Dump Source

Source File: 00000005.00000002.2137928807.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.2137896930.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137957057.000000000041B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137990366.0000000000420000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138014805.0000000000422000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138053805.0000000000423000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138119487.0000000000427000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_BA002.jbxd

Similarity

API ID: Interlocked$DecrementIncrement
String ID: VB
API String ID: 2172605799-2416070386
Opcode ID: 3f0e7dfc381ab69d5717ddb5ba06b4fa70db5411652d110c580bb33579a080f3
Instruction ID: b2465ecea32c92352f716010131fb348419f683e9d2febfe3e70f5b1b578e6df
Opcode Fuzzy Hash: 3f0e7dfc381ab69d5717ddb5ba06b4fa70db5411652d110c580bb33579a080f3
Instruction Fuzzy Hash: 35F0C232201612EBD720AF56ECC19CF6755EB81326F50843FF00989190DF7899C2995E

Function 0041435F Relevance: 6.5, APIs: 5, Instructions: 278COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2137928807.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.2137896930.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137957057.000000000041B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137990366.0000000000420000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138014805.0000000000422000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138053805.0000000000423000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138119487.0000000000427000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_BA002.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d56ffb8a6685455f091880630799685eddd8ac587d3428563be9e88dd716d36c
Instruction ID: 1ac5c9ddcf095474d6e2a383ff06e8771fc838f6ee07df02b13506851481717d
Opcode Fuzzy Hash: d56ffb8a6685455f091880630799685eddd8ac587d3428563be9e88dd716d36c
Instruction Fuzzy Hash: C891F671D01618ABCF21AB69CC41ADE7BB9EB857A4F240127F814B6290D73D8DC18A6C

Function 0041636C Relevance: 6.4, APIs: 5, Instructions: 102memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

HeapAlloc.KERNEL32(00000000,00002020,00420838,00420838,?,?,00416838,00000000,00000010,00000000,00000009,00000009,?,00413D1F,00000010,00000000), ref: 0041638D
VirtualAlloc.KERNEL32(00000000,00400000,00002000,00000004,?,?,00416838,00000000,00000010,00000000,00000009,00000009,?,00413D1F,00000010,00000000), ref: 004163B1
VirtualAlloc.KERNEL32(00000000,00010000,00001000,00000004,?,?,00416838,00000000,00000010,00000000,00000009,00000009,?,00413D1F,00000010,00000000), ref: 004163CB
VirtualFree.KERNEL32(00000000,00000000,00008000,?,?,00416838,00000000,00000010,00000000,00000009,00000009,?,00413D1F,00000010,00000000,?), ref: 0041648C
HeapFree.KERNEL32(00000000,00000000,?,?,00416838,00000000,00000010,00000000,00000009,00000009,?,00413D1F,00000010,00000000,?,00000000), ref: 004164A3

Memory Dump Source

Source File: 00000005.00000002.2137928807.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.2137896930.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137957057.000000000041B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137990366.0000000000420000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138014805.0000000000422000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138053805.0000000000423000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138119487.0000000000427000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_BA002.jbxd

Similarity

API ID: AllocVirtual$FreeHeap
String ID:
API String ID: 714016831-0
Opcode ID: 61edb7c5b2a57b73fa0373c8b0061bfd64d3e4def081ef99dbe098b98f3bc666
Instruction ID: 1d273cd761051d77879f543994291e2c1f364a84a1ace75b4c6a1ba38ea4645d
Opcode Fuzzy Hash: 61edb7c5b2a57b73fa0373c8b0061bfd64d3e4def081ef99dbe098b98f3bc666
Instruction Fuzzy Hash: 1D310370640711EFD3309F24DC85BA6B7E4EB84764F12823AE56997791E778E881CB8C

Function 00409504 Relevance: 6.1, APIs: 4, Instructions: 98COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00409509

Part of subcall function 0040935A: EnterCriticalSection.KERNEL32(?,?,?,00409680), ref: 0040935F
Part of subcall function 0040935A: LeaveCriticalSection.KERNEL32(?,?,?,00409680), ref: 00409369

EnterCriticalSection.KERNEL32(?), ref: 00409536
LeaveCriticalSection.KERNEL32(?), ref: 00409552
__aulldiv.LIBCMT ref: 004095A1

Memory Dump Source

Source File: 00000005.00000002.2137928807.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.2137896930.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137957057.000000000041B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137990366.0000000000420000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138014805.0000000000422000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138053805.0000000000423000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138119487.0000000000427000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_BA002.jbxd

Similarity

API ID: CriticalSection$EnterLeave$H_prolog__aulldiv
String ID:
API String ID: 3848147900-0
Opcode ID: a31f7f313dfc0da48c948196a335c5e8fea939b4dae7cffcd2385e59b1d35c73
Instruction ID: 81a485ad15cb22f282f6c018201ee4179c2b1d1cd2674c5f201a60282c37c453
Opcode Fuzzy Hash: a31f7f313dfc0da48c948196a335c5e8fea939b4dae7cffcd2385e59b1d35c73
Instruction Fuzzy Hash: C6315076A00215AFCB11EF65C8819EFBBB5FF88704F00442AE51673692D779AD41CB64

Function 004047A8 Relevance: 6.1, APIs: 4, Instructions: 55windowCOMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 004047AD
FormatMessageA.KERNEL32(00001300,00000000,?,00000000,?,00000000,00000000,?,00000000), ref: 004047D1
FormatMessageW.KERNEL32(00001300,00000000,?,00000000,?,00000000,00000000,?,00000000), ref: 00404814
LocalFree.KERNEL32(?,?,?,00000000,?,00000000,00000000,?,00000000), ref: 0040482F

Memory Dump Source

Source File: 00000005.00000002.2137928807.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.2137896930.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137957057.000000000041B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137990366.0000000000420000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138014805.0000000000422000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138053805.0000000000423000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138119487.0000000000427000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_BA002.jbxd

Similarity

API ID: FormatMessage$FreeH_prologLocal
String ID:
API String ID: 3392428314-0
Opcode ID: d8114c00c851820dfd69355ab4a5a7d10c3f97c7ff5c1a94d174072509a20bce
Instruction ID: b23ee79e455563f0a2b187c1bc8aea4849c6785c5b1f5abfa42b55bee9ed31b8
Opcode Fuzzy Hash: d8114c00c851820dfd69355ab4a5a7d10c3f97c7ff5c1a94d174072509a20bce
Instruction Fuzzy Hash: 451170B5A00159AFDF01BFA59C419FFBB7DEF44349F00847AE112721E2DB391A01DA68

Function 00409374 Relevance: 6.0, APIs: 4, Instructions: 37windowtimeCOMMON

Download Yara Rule

APIs

Part of subcall function 00413030: SetEvent.KERNEL32(00000000,0040756D), ref: 00413033

GetDlgItem.USER32(?,000003E8), ref: 00409397
LoadIconA.USER32(00000000), ref: 004093B1
SendMessageA.USER32(?,00000080,00000001,00000000), ref: 004093C2
SetTimer.USER32(?,00000003,00000064,00000000), ref: 004093D1

Memory Dump Source

Source File: 00000005.00000002.2137928807.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.2137896930.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137957057.000000000041B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137990366.0000000000420000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138014805.0000000000422000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138053805.0000000000423000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138119487.0000000000427000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_BA002.jbxd

Similarity

API ID: EventIconItemLoadMessageSendTimer
String ID:
API String ID: 2758541657-0
Opcode ID: 426d8240eb7a06a459b3f470407d996c0274358d2b71b1374ad8138c79f04d47
Instruction ID: 34d2fc59b34559bed7d893ef409eb69d6d7528a9cba69d030baf66432b50efa3
Opcode Fuzzy Hash: 426d8240eb7a06a459b3f470407d996c0274358d2b71b1374ad8138c79f04d47
Instruction Fuzzy Hash: 4D015A30100B00AFD3319F21DD5AB66BBA1FB04721F008A2DF5A7959F0CB75B942CB48

Function 0040D5A3 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 185COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0040D5A8

Strings

, xrefs: 0040D75F
, xrefs: 0040D787

Memory Dump Source

Source File: 00000005.00000002.2137928807.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.2137896930.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137957057.000000000041B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137990366.0000000000420000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138014805.0000000000422000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138053805.0000000000423000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138119487.0000000000427000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_BA002.jbxd

Similarity

API ID: H_prolog
String ID: $
API String ID: 3519838083-227171996
Opcode ID: 74feb26567ea79c8fd9d5f3f589634721b0a9a4a518abdc39c0b6b7ccedab932
Instruction ID: 116f94ee193b6a60a58d4aec76a07daa8eefdeb27c95ac76265691768f75313a
Opcode Fuzzy Hash: 74feb26567ea79c8fd9d5f3f589634721b0a9a4a518abdc39c0b6b7ccedab932
Instruction Fuzzy Hash: CB712431D0020A9FCB24DF99D981AAEB7B1FF48314F20467ED416B7691D734AA8ACF54

Function 00417E5D Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 124COMMON

Download Yara Rule

APIs

GetCPInfo.KERNEL32(?,00000000), ref: 00417E71

Strings

, xrefs: 00417EBA
, xrefs: 00417E96

Memory Dump Source

Source File: 00000005.00000002.2137928807.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.2137896930.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137957057.000000000041B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137990366.0000000000420000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138014805.0000000000422000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138053805.0000000000423000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138119487.0000000000427000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_BA002.jbxd

Similarity

API ID: Info
String ID: $
API String ID: 1807457897-3032137957
Opcode ID: be8999de8ad5c30073bbd0379d60ad0f54c653f5d04d814f41e486670cb2e0db
Instruction ID: 669041dcfce0968cbe3c51124f50cac4b21f3f9a56807733dc4743f672ff05a2
Opcode Fuzzy Hash: be8999de8ad5c30073bbd0379d60ad0f54c653f5d04d814f41e486670cb2e0db
Instruction Fuzzy Hash: 65417C312482585AEB219714CC49FFB7FF9DB02714F5404E6D149C7153C2794AC6C7BA

Function 00417092 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 62COMMON

Download Yara Rule

APIs

GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\AppData\Local\Temp\is-6NC9Q.tmp\BA002.exe,00000104,?,00000000,?,?,?,?,00414974), ref: 004170B5

Strings

C:\Users\user\AppData\Local\Temp\is-6NC9Q.tmp\BA002.exe, xrefs: 004170A9, 004170B3, 004170D8, 0041710E
(5[, xrefs: 004170BB

Memory Dump Source

Source File: 00000005.00000002.2137928807.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.2137896930.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137957057.000000000041B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137990366.0000000000420000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138014805.0000000000422000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138053805.0000000000423000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138119487.0000000000427000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_BA002.jbxd

Similarity

API ID: FileModuleName
String ID: (5[$C:\Users\user\AppData\Local\Temp\is-6NC9Q.tmp\BA002.exe
API String ID: 514040917-1927998450
Opcode ID: 84d053b036df48e784d9c40d8f72a4f01e20f52c816047791c4f4213c32035a1
Instruction ID: bf09e70cde018ed4875ba2e87c80884ade2fb8340569e7ccc03294431e74d33e
Opcode Fuzzy Hash: 84d053b036df48e784d9c40d8f72a4f01e20f52c816047791c4f4213c32035a1
Instruction Fuzzy Hash: 591151B6A00219BFC721EF94DCC1CDBBBBCEB08758B5100ABF50597201EA745F4587A8

Function 00415ECA Relevance: 5.1, APIs: 4, Instructions: 53memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

HeapReAlloc.KERNEL32(00000000,00000050,00000000,00000000,00415C92,00000000,00000000,00000000,00413CC1,00000000,00000000,?,00000000,00000000,00000000), ref: 00415EF2
HeapAlloc.KERNEL32(00000008,000041C4,00000000,00000000,00415C92,00000000,00000000,00000000,00413CC1,00000000,00000000,?,00000000,00000000,00000000), ref: 00415F26
VirtualAlloc.KERNEL32(00000000,00100000,00002000,00000004), ref: 00415F40
HeapFree.KERNEL32(00000000,?), ref: 00415F57

Memory Dump Source

Source File: 00000005.00000002.2137928807.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.2137896930.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137957057.000000000041B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137990366.0000000000420000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138014805.0000000000422000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138053805.0000000000423000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138119487.0000000000427000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_BA002.jbxd

Similarity

API ID: AllocHeap$FreeVirtual
String ID:
API String ID: 3499195154-0
Opcode ID: 712f9e2f9eec85a92a3a672498402ffd9fd7e765c5a6c8233a1a124cbc29739c
Instruction ID: 8f6381cf99308f7e34b2c2e49534b1224184cafd179dea44f4322364d011a6a4
Opcode Fuzzy Hash: 712f9e2f9eec85a92a3a672498402ffd9fd7e765c5a6c8233a1a124cbc29739c
Instruction Fuzzy Hash: A6114C31300A01EFC7308F59EC86DA6BBB5FB85760791462AF156D69B0D3719887CF58

Function 004154B1 Relevance: 5.0, APIs: 4, Instructions: 12COMMON

Download Yara Rule

APIs

InitializeCriticalSection.KERNEL32(?,00415292,?,00414944), ref: 004154BE
InitializeCriticalSection.KERNEL32(?,00415292,?,00414944), ref: 004154C6
InitializeCriticalSection.KERNEL32(?,00415292,?,00414944), ref: 004154CE
InitializeCriticalSection.KERNEL32(?,00415292,?,00414944), ref: 004154D6

Memory Dump Source

Source File: 00000005.00000002.2137928807.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.2137896930.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137957057.000000000041B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2137990366.0000000000420000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138014805.0000000000422000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138053805.0000000000423000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2138119487.0000000000427000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_BA002.jbxd

Similarity

API ID: CriticalInitializeSection
String ID:
API String ID: 32694325-0
Opcode ID: ec7037d00a0fc94f488d53f3a91d2e26ae03bdd42e29aafad6c46e686e3ec5a2
Instruction ID: a8e831e61b8b61633fe4a4176da74b0e9d16ee726bcd83620c475df078586321
Opcode Fuzzy Hash: ec7037d00a0fc94f488d53f3a91d2e26ae03bdd42e29aafad6c46e686e3ec5a2
Instruction Fuzzy Hash: 0AC00231A11138ABCF312B55FC048463FA6EB852A03518072A1045203186612C12EFD8

Analysis Process: installer.exePID: 1228, Parent PID: 1900COMMON

Execution Graph

Execution Coverage:	12.2%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	12%
Total number of Nodes:	2000
Total number of Limit Nodes:	93

Executed Functions

Function 00DBFE30 Relevance: 117.3, APIs: 5, Strings: 61, Instructions: 1813COMMON

Download Yara Rule

APIs

___from_strstr_to_strchr.LIBCMT ref: 00DC0272
___from_strstr_to_strchr.LIBCMT ref: 00DC027F
_strstr.LIBCMT ref: 00DC03E6
_strstr.LIBCMT ref: 00DC0514

Strings

HEAD, xrefs: 00DBFF6D
%s, xrefs: 00DC02DA
Content-Range: bytes 0-%I64d/%I64d, xrefs: 00DC0884
Host:, xrefs: 00DC01DE, 00DC02A8
%s%s=%s, xrefs: 00DC0C00
Content-Type: application/x-www-form-urlencoded, xrefs: 00DC1164
Internal HTTP POST error!, xrefs: 00DC0EC5
Content-Range: bytes %s/%I64d, xrefs: 00DC08E6
Content-Length:, xrefs: 00DC0DD1, 00DC0F18, 00DC1111
Accept: */*, xrefs: 00DC05F9
Failed sending HTTP request, xrefs: 00DC0D3C
POST, xrefs: 00DBFF83
Range:, xrefs: 00DC07F0
Content-Type:, xrefs: 00DC05C0, 00DC1152
Proxy-Connection:, xrefs: 00DC09A4
Referer:, xrefs: 00DC002B
Accept:, xrefs: 00DC05E7
Could not get Content-Type header line!, xrefs: 00DC0F76
%s HTTP/%s%s%s%s%s%s%s%s%s%s%s%s, xrefs: 00DC0AB6
GET, xrefs: 00DBFF91
Content-Length: 0, xrefs: 00DC103E
Expect:, xrefs: 00DC117C, 00DC1193
Failed sending PUT request, xrefs: 00DC0E5D
User-Agent:, xrefs: 00DBFF99
Failed sending HTTP POST request, xrefs: 00DC141F
Failed sending POST request, xrefs: 00DC0FE9, 00DC106C
Proxy-Connection: Keep-Alive, xrefs: 00DC09B2
Content-Range:, xrefs: 00DC0835
%s , xrefs: 00DC0932
0, xrefs: 00DC12C1, 00DC1395
T", xrefs: 00DC0C6A
%s%s, xrefs: 00DC0C78
Cookie: , xrefs: 00DC0BD0, 00DC0C4C
/, xrefs: 00DC0568
1.0, xrefs: 00DC090B
upload completely sent off: %I64d out of %I64d bytes, xrefs: 00DC14C1
Content-Range: bytes %s%I64d/%I64d, xrefs: 00DC08C5
Range: bytes=%s, xrefs: 00DC0814
;type=, xrefs: 00DC050E
Accept-Encoding:, xrefs: 00DC009E
Referer: %s, xrefs: 00DC0043
100-continue, xrefs: 00DC118E
chunked, xrefs: 00DC012C
Transfer-Encoding:, xrefs: 00DC011A, 00DC0131
Cookie:, xrefs: 00DC0083
T", xrefs: 00DC0BF7
Could only read %I64d bytes from the input, xrefs: 00DC07B5
Transfer-Encoding: chunked, xrefs: 00DC01C2
Accept-Encoding: %s, xrefs: 00DC00D4
ftp://, xrefs: 00DC04E9
;type=%c, xrefs: 00DC0582
ftp://%s:%s@%s, xrefs: 00DC0960
Could not seek stream, xrefs: 00DC069B
%x, xrefs: 00DC1261
Host: %s%s%s:%hu, xrefs: 00DC0394
1.1, xrefs: 00DC0912
PUT, xrefs: 00DBFF8A
File already completely uploaded, xrefs: 00DC078F
Host: %s%s%s, xrefs: 00DC0362
Content-Length: %I64d, xrefs: 00DC0DE7, 00DC0F33, 00DC1127
Chunky upload is not supported by HTTP 1.0, xrefs: 00DC0190

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: ___from_strstr_to_strchr_strstr
String ID: %s$%s $%s HTTP/%s%s%s%s%s%s%s%s%s%s%s%s$%s%s$%s%s=%s$%x$/$0$1.0$1.1$100-continue$;type=$;type=%c$Accept-Encoding:$Accept-Encoding: %s$Accept:$Accept: */*$Chunky upload is not supported by HTTP 1.0$Content-Length:$Content-Length: %I64d$Content-Length: 0$Content-Range:$Content-Range: bytes %s%I64d/%I64d$Content-Range: bytes %s/%I64d$Content-Range: bytes 0-%I64d/%I64d$Content-Type:$Content-Type: application/x-www-form-urlencoded$Cookie:$Cookie: $Could not get Content-Type header line!$Could not seek stream$Could only read %I64d bytes from the input$Expect:$Failed sending HTTP POST request$Failed sending HTTP request$Failed sending POST request$Failed sending PUT request$File already completely uploaded$GET$HEAD$Host:$Host: %s%s%s$Host: %s%s%s:%hu$Internal HTTP POST error!$POST$PUT$Proxy-Connection:$Proxy-Connection: Keep-Alive$Range:$Range: bytes=%s$Referer:$Referer: %s$T"$T"$Transfer-Encoding:$Transfer-Encoding: chunked$User-Agent:$chunked$ftp://$ftp://%s:%s@%s$upload completely sent off: %I64d out of %I64d bytes
API String ID: 223351431-1307267706
Opcode ID: a20b95ea52433599df164f5017421f0fa4f350b50fdc0c5109f254bdb4b37c13
Instruction ID: f0353d597b44d32b210958a9da6ab41babe44d6e7b2fe0df9fce4583d95ca5e7
Opcode Fuzzy Hash: a20b95ea52433599df164f5017421f0fa4f350b50fdc0c5109f254bdb4b37c13
Instruction Fuzzy Hash: 98E2F774A00216ABDF14DB68DC46FEEBBA5EF46304F18416CED09AB242D771AD50CBB1

Function 00DAE920 Relevance: 105.3, APIs: 8, Strings: 52, Instructions: 319
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetVersionExW.KERNEL32(0000011C), ref: 00DAE978
GetModuleHandleW.KERNEL32(kernel32.dll,GetNativeSystemInfo), ref: 00DAE990
GetProcAddress.KERNEL32(00000000), ref: 00DAE997
GetNativeSystemInfo.KERNELBASE(?), ref: 00DAE9A8
GetSystemInfo.KERNEL32(?), ref: 00DAE9B3

Strings

Windows Server 2003 R2, , xrefs: 00DAEB9D
Windows Server 2012 , xrefs: 00DAEA81
Business Edition, xrefs: 00DAEB15
Standard Edition, xrefs: 00DAEB5B, 00DAEC9D
kernel32.dll, xrefs: 00DAE98B, 00DAEAAE
Windows XP , xrefs: 00DAECA9
Cluster Server Edition, xrefs: 00DAEB29
Enterprise Edition, xrefs: 00DAEC83
Web Edition, xrefs: 00DAEC96
Standard x64 Edition, xrefs: 00DAEC56
Enterprise Edition for Itanium-based Systems, xrefs: 00DAEC22
Small Business Server, xrefs: 00DAEB47
Home Edition, xrefs: 00DAECC3
, 64-bit, xrefs: 00DAED8D
Ultimate Edition, xrefs: 00DAEAF7
Windows Home Server, xrefs: 00DAEBBF
Web Server Edition, xrefs: 00DAEB6F
Windows 2000 , xrefs: 00DAECD5
Small Business Server Premium Edition, xrefs: 00DAEB51
Datacenter Edition, xrefs: 00DAEC75
Compute Cluster Edition, xrefs: 00DAEC67
Starter Edition, xrefs: 00DAEB1F
Windows 8 , xrefs: 00DAEA7A
Windows 10 , xrefs: 00DAEA0D
Windows Server 2003, , xrefs: 00DAEBE0
GetNativeSystemInfo, xrefs: 00DAE986
Windows Vista , xrefs: 00DAEA3F
This sample does not support this version of Windows., xrefs: 00DAEDCC
Advanced Server, xrefs: 00DAED06
Datacenter Server, xrefs: 00DAECFB
Enterprise Edition (core installation), xrefs: 00DAEB3D
Windows 7 , xrefs: 00DAEA5C
Enterprise x64 Edition, xrefs: 00DAEC4C
Windows 8.1 , xrefs: 00DAEA98
Home Premium Edition, xrefs: 00DAEB01
Home Basic Edition, xrefs: 00DAEB0B
Server, xrefs: 00DAED0D
Windows Server 2008 R2 , xrefs: 00DAEA63
Windows Server 2008 , xrefs: 00DAEA46
(build %d), xrefs: 00DAED59
Microsoft , xrefs: 00DAE9D8
Professional, xrefs: 00DAECCA, 00DAECEA
Datacenter x64 Edition, xrefs: 00DAEC3C
Windows Server 2012 R2 , xrefs: 00DAEA9F
Datacenter Edition (core installation), xrefs: 00DAEB33
Windows XP Professional x64 Edition, xrefs: 00DAEBD9
GetProductInfo, xrefs: 00DAEAA9
Windows Server 2016 , xrefs: 00DAEA17
, 32-bit, xrefs: 00DAEDAF
Datacenter Edition for Itanium-based Systems, xrefs: 00DAEC10
Standard Edition (core installation), xrefs: 00DAEB65
Windows Storage Server 2003, xrefs: 00DAEBB1

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: InfoSystem$AddressHandleModuleNativeProcVersion
String ID: (build %d)$, 32-bit$, 64-bit$Advanced Server$Business Edition$Cluster Server Edition$Compute Cluster Edition$Datacenter Edition$Datacenter Edition (core installation)$Datacenter Edition for Itanium-based Systems$Datacenter Server$Datacenter x64 Edition$Enterprise Edition$Enterprise Edition (core installation)$Enterprise Edition for Itanium-based Systems$Enterprise x64 Edition$GetNativeSystemInfo$GetProductInfo$Home Basic Edition$Home Edition$Home Premium Edition$Microsoft $Professional$Server$Small Business Server$Small Business Server Premium Edition$Standard Edition$Standard Edition (core installation)$Standard x64 Edition$Starter Edition$This sample does not support this version of Windows.$Ultimate Edition$Web Edition$Web Server Edition$Windows 10 $Windows 2000 $Windows 7 $Windows 8 $Windows 8.1 $Windows Home Server$Windows Server 2003 R2, $Windows Server 2003, $Windows Server 2008 $Windows Server 2008 R2 $Windows Server 2012 $Windows Server 2012 R2 $Windows Server 2016 $Windows Storage Server 2003$Windows Vista $Windows XP $Windows XP Professional x64 Edition$kernel32.dll
API String ID: 374719553-4026996278
Opcode ID: 831ab2ba6d034d71829a1588fb39d4c359e0952d529baf10803147f6d5be2df1
Instruction ID: ef1aeb2de293b0dbae126b5d9d30dd081710bafe08781a799f25c9e82b3146e0
Opcode Fuzzy Hash: 831ab2ba6d034d71829a1588fb39d4c359e0952d529baf10803147f6d5be2df1
Instruction Fuzzy Hash: 99B1E330B44315AADF349654CD56FFE6721AB03B04F2455A6F84AF60C2CBB19E80EB72

Function 00D99D50 Relevance: 82.5, APIs: 9, Strings: 37, Instructions: 2018synchronizationCOMMON

Download Yara Rule

APIs

CreateMutexW.KERNELBASE(00000000,00000001,?), ref: 00D99DD3
GetLastError.KERNEL32 ref: 00D99DE6

Strings

install id=, xrefs: 00D9A11B
GenericSetupInstaller_, xrefs: 00D99DA3
4.6, xrefs: 00D9B465
generic setup path=, xrefs: 00D9B9D4
4.6.1, xrefs: 00D9B497
BundleConfig.xml, xrefs: 00D9AC2D
GenericSetup.exe, xrefs: 00D9B89E
4.0 Full, xrefs: 00D9B39D
StubError, xrefs: 00D9BC75
}, xrefs: 00D9BC8B
4.5.1, xrefs: 00D9B401
., xrefs: 00D9A621
., xrefs: 00D9A537
4.5, xrefs: 00D9B3CF
EventServiceUrl, xrefs: 00D9A6A3
event service url=, xrefs: 00D9A908
<xmlattr>.key, xrefs: 00D9A5E9
4.6.2, xrefs: 00D9B4C9
4.5.2, xrefs: 00D9B433
BundleId=, xrefs: 00D9B24A
4.0 Client, xrefs: 00D9B36B
carrier path=, xrefs: 00D9B6D8
generic setup config file path=, xrefs: 00D9A33D
<xmlattr>.value, xrefs: 00D9A6E8, 00D9AA5C
BundleBypass, xrefs: 00D9B7DA
configuration.appSettings, xrefs: 00D9A505
installer, xrefs: 00D9A0BA, 00D9A2DC, 00D9A8A7, 00D9ADB7, 00D9B1EA, 00D9B678, 00D9B974, 00D9BB54
]: , xrefs: 00D9A10F, 00D9A331, 00D9A8FC, 00D9AE0C, 00D9B23E, 00D9B6CC, 00D9B9C8, 00D9BBA8
run installer complete. exit code=, xrefs: 00D9BBB4
BundleConfig, xrefs: 00D9B030
<xmlattr>.BundleId, xrefs: 00D9B116
wWinMain, xrefs: 00D9A0DE, 00D9A300, 00D9A8CB, 00D9ADDB, 00D9B20E, 00D9B69C, 00D9B998, 00D9BB78
3.5, xrefs: 00D9B339
Message, xrefs: 00D9B7A4, 00D9BC48
., xrefs: 00D9B062
bundle config file path=, xrefs: 00D9AE18
InstallId, xrefs: 00D9AA24

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: CreateErrorLastMutex
String ID: .$.$.$3.5$4.0 Client$4.0 Full$4.5$4.5.1$4.5.2$4.6$4.6.1$4.6.2$<xmlattr>.BundleId$<xmlattr>.key$<xmlattr>.value$BundleBypass$BundleConfig$BundleConfig.xml$BundleId=$EventServiceUrl$GenericSetup.exe$GenericSetupInstaller_$InstallId$Message$StubError$]: $bundle config file path=$carrier path=$configuration.appSettings$event service url=$generic setup config file path=$generic setup path=$install id=$installer$run installer complete. exit code=$wWinMain$}
API String ID: 1925916568-3441198201
Opcode ID: 33f735d7f3230d1a55767cbc548c98bb13c85a27b00312189acdd5526a8893f9
Instruction ID: 4fe9df963dca15674b5253b4b914c289ef35fa1d03a33b4b78443b5a79530f0c
Opcode Fuzzy Hash: 33f735d7f3230d1a55767cbc548c98bb13c85a27b00312189acdd5526a8893f9
Instruction Fuzzy Hash: AF039C70D00258DADF15EBA4C959BEEBBB4EF15304F144199E409B7282EB746F88CBB1

Function 00D77E70 Relevance: 24.8, APIs: 7, Strings: 7, Instructions: 282
encryptionCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CryptAcquireContextW.ADVAPI32(?,00000000,Microsoft Strong Cryptographic Provider,00000001,F0000000,?,00000000,2C690420,00000000,00000000), ref: 00D77EE4
___std_exception_copy.LIBVCRUNTIME ref: 00D77F78
CryptCreateHash.ADVAPI32(?,00008003,00000000,00000000,00000000), ref: 00D77FD0
___std_exception_copy.LIBVCRUNTIME ref: 00D78064
CryptHashData.ADVAPI32(00000000,?,?,00000000), ref: 00D780D6
___std_exception_copy.LIBVCRUNTIME ref: 00D7816A
CryptGetHashParam.ADVAPI32(00000000,00000002,?,00000010,00000000,?,00000000), ref: 00D7823B

Strings

couldn't crypt get hash param, xrefs: 00D78273
class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > __cdecl Generator::Md5Hash(const class std::basic_string<wchar_t,struct std::char_traits<wchar_t>,class std::allocator<wchar_t> > &), xrefs: 00D77FAC, 00D78098, 00D7819E, 00D782A9
couldn't create hash, xrefs: 00D7800C
couldn't crypt hash data, xrefs: 00D78112
couldn't acquire crypt context, xrefs: 00D77F20
Microsoft Strong Cryptographic Provider, xrefs: 00D77ED9
src\generator.cpp, xrefs: 00D77FA7, 00D78093, 00D78199, 00D782A4

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: Crypt$Hash___std_exception_copy$AcquireContextCreateDataParam
String ID: Microsoft Strong Cryptographic Provider$class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > __cdecl Generator::Md5Hash(const class std::basic_string<wchar_t,struct std::char_traits<wchar_t>,class std::allocator<wchar_t> > &)$couldn't acquire crypt context$couldn't create hash$couldn't crypt get hash param$couldn't crypt hash data$src\generator.cpp
API String ID: 2846258822-2439808906
Opcode ID: ce661905f25489b7b3a36e589c76fd9f711f09fbe2e5c4a4c614ecbbecd1807c
Instruction ID: 5c5d3bd0c20df7f9430dd707febd6694315eaeefa4f470fde5721d9cfca6914f
Opcode Fuzzy Hash: ce661905f25489b7b3a36e589c76fd9f711f09fbe2e5c4a4c614ecbbecd1807c
Instruction Fuzzy Hash: 6AC19070D503189FDB21DF54DC4ABDEB7B8AF14704F009599E509B6291EBB06B88CFA1

Function 00E81B5D Relevance: 19.6, APIs: 7, Strings: 4, Instructions: 370
timeCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_free.LIBCMT ref: 00E81BDF
_free.LIBCMT ref: 00E81C03
_free.LIBCMT ref: 00E81D8A
GetTimeZoneInformation.KERNELBASE(?,00000000,00000000,00000000,?,00EB3258), ref: 00E81D9C
WideCharToMultiByte.KERNEL32(00000000,00000000,Eastern Standard Time,000000FF,00000000,0000003F,00000000,?,?), ref: 00E81E14
WideCharToMultiByte.KERNEL32(00000000,00000000,Eastern Summer Time,000000FF,?,0000003F,00000000,?), ref: 00E81E41
_free.LIBCMT ref: 00E81F56

Strings

Eastern Summer Time, xrefs: 00E81E3A
X2, xrefs: 00E81D45, 00E81D4B
X2, xrefs: 00E81EB9
Eastern Standard Time, xrefs: 00E81E0D

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: _free$ByteCharMultiWide$InformationTimeZone
String ID: Eastern Standard Time$Eastern Summer Time$X2$X2
API String ID: 314583886-3748871692
Opcode ID: 6fe7f0b7608221d35310b5a24dc8a0c598656527a4ea14fceecb5aac7934ea81
Instruction ID: c0d585a7d2c71ddb9dec82e26fbeabb870ace8a67b663b97b46bc802da9fc36f
Opcode Fuzzy Hash: 6fe7f0b7608221d35310b5a24dc8a0c598656527a4ea14fceecb5aac7934ea81
Instruction Fuzzy Hash: CFC10771A042489FCB24BF799841BA9BBECEF42314F1461DAE44DBB292E7309E47C750

Function 00D772E0 Relevance: 9.1, APIs: 2, Strings: 3, Instructions: 348comCOMMON

Download Yara Rule

APIs

CoCreateInstance.OLE32(00EAB8B4,00000000,00000001,00EAB7E4,00000000,2C690420,?,?), ref: 00D7735E
CoSetProxyBlanket.OLE32(00000000,0000000A,00000000,00000000,00000003,00000003,00000000,00000000,?,?), ref: 00D7746B

Strings

ROOT\CIMV2, xrefs: 00D773C0
WHERE , xrefs: 00D774CF
SELECT * FROM , xrefs: 00D7748F

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: BlanketCreateInstanceProxy
String ID: WHERE $ROOT\CIMV2$SELECT * FROM
API String ID: 1899829610-2498882015
Opcode ID: b638742aef0fa3e5ff1102911fdc4430cf7732c7df0fdad8a9884cbb12c2be93
Instruction ID: 9cda31db711fb9361235159ac425fc8c3b933b146878d8bc3816cf5f81f22477
Opcode Fuzzy Hash: b638742aef0fa3e5ff1102911fdc4430cf7732c7df0fdad8a9884cbb12c2be93
Instruction Fuzzy Hash: 59E14E70A04208DFDF24DFA4C855BEEB7B4EF45304F248499E509AB281EB75AA48CF71

Function 00DBC880 Relevance: 7.8, APIs: 5, Instructions: 296networkCOMMON

Download Yara Rule

APIs

select.WS2_32(?,?,?,?,?), ref: 00DBCB11
WSAGetLastError.WS2_32 ref: 00DBCB20
__WSAFDIsSet.WS2_32(?,?), ref: 00DBCBF5
__WSAFDIsSet.WS2_32(?,?), ref: 00DBCC0C
__WSAFDIsSet.WS2_32(?,?), ref: 00DBCC23

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: ErrorLastselect
String ID:
API String ID: 215497628-0
Opcode ID: 9e5896bde9c899d1fcfb9b5d39d152f353b3115349bd89678b448c3a848f569d
Instruction ID: f162d5f647d7b0d27da3cf03b4e71add5694105ec5a6915987c70b67c949051d
Opcode Fuzzy Hash: 9e5896bde9c899d1fcfb9b5d39d152f353b3115349bd89678b448c3a848f569d
Instruction Fuzzy Hash: FAB15B71A10219CBDF25CF29D8917EDB7B9FF88310F5455AEE85AE6241DB309E808F60

Function 00DBD610 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 64networkCOMMON

Download Yara Rule

APIs

recv.WS2_32(?,?,?,00000000), ref: 00DBD651
WSAGetLastError.WS2_32 ref: 00DBD668

Strings

Recv failure: %s, xrefs: 00DBD68E

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: ErrorLastrecv
String ID: Recv failure: %s
API String ID: 2514157807-4276829032
Opcode ID: 2985a89dd2bcaa261c6243df6b2306a860e9316bea05ee1ca0c4a87b5cebac6a
Instruction ID: b205d7cadc4fa7f59825a1e460ca5d388f0db1a23abae18a5d6e61ec414d7bc7
Opcode Fuzzy Hash: 2985a89dd2bcaa261c6243df6b2306a860e9316bea05ee1ca0c4a87b5cebac6a
Instruction Fuzzy Hash: D9118F76200208AFDB109F59E880AEABBADEF89365F204026F90987251D771A9508BB0

Function 00D87720 Relevance: 4.6, APIs: 3, Instructions: 129timeCOMMON

Download Yara Rule

APIs

GetSystemTimeAsFileTime.KERNEL32(00E8F433,2C690420,00000000,?,00000000), ref: 00D87755
__aulldiv.LIBCMT ref: 00D87772
__aulldiv.LIBCMT ref: 00D87782

Part of subcall function 00D85220: ___std_exception_copy.LIBVCRUNTIME ref: 00D8527E

Part of subcall function 00D89E40: __CxxThrowException@8.LIBVCRUNTIME ref: 00D89E8E

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: Time__aulldiv$Exception@8FileSystemThrow___std_exception_copy
String ID:
API String ID: 1498349571-0
Opcode ID: a9c526acab8b833627eadb87daf68b3c7923fd9dbe2dff83f370a5ea250bb2f1
Instruction ID: d5b13bfa6575eea364f62dea80cd8f85217e358353a7f9ebf7f2a9785b77ce87
Opcode Fuzzy Hash: a9c526acab8b833627eadb87daf68b3c7923fd9dbe2dff83f370a5ea250bb2f1
Instruction Fuzzy Hash: AE419071904208ABDB14EFA4DC42BFEB7B9EF08710F50452AF506E7281DB75A904CB75

Function 00E79701 Relevance: 4.5, APIs: 3, Instructions: 20COMMONLIBRARYCODE

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(00000003,?,00E796D7,00000003,00EDD518,0000000C,00E7982E,00000003,00000002,00000000,?,00E76523,00000003), ref: 00E79722
TerminateProcess.KERNEL32(00000000,?,00E796D7,00000003,00EDD518,0000000C,00E7982E,00000003,00000002,00000000,?,00E76523,00000003), ref: 00E79729
ExitProcess.KERNEL32 ref: 00E7973B

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: Process$CurrentExitTerminate
String ID:
API String ID: 1703294689-0
Opcode ID: ae16688a7b2ea96c1a521ef0d140593a25dd15b6b0bf4f46aafd88ead24801b0
Instruction ID: b308ad3f1bf26a6e047bc71422ed5dce6e52d699a21b9bbde349f06a93a19a1a
Opcode Fuzzy Hash: ae16688a7b2ea96c1a521ef0d140593a25dd15b6b0bf4f46aafd88ead24801b0
Instruction Fuzzy Hash: 64E08C31021208AFCF117F21DE49A883BB9EF4A385F009015F90DBA132CB75ED42CB40

Function 00D73EA0 Relevance: 2.6, APIs: 2, Instructions: 77memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000008), ref: 00D73F76
HeapFree.KERNEL32(00000000), ref: 00D73F7D

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: Heap$FreeProcess
String ID:
API String ID: 3859560861-0
Opcode ID: aed2d9b8b8b1cb0fd9401926acc199c745becfbeb84085e461682420b6499a64
Instruction ID: c12c03ef3042118c2765702a3970e25497c73c8f24132fcabfeba50203fa23ab
Opcode Fuzzy Hash: aed2d9b8b8b1cb0fd9401926acc199c745becfbeb84085e461682420b6499a64
Instruction Fuzzy Hash: 7B312D70904619DBCB14DF98C945BAEFBB4FF48714F10461EE41AA7680EBB56B08CBB1

Function 00D98360 Relevance: 39.5, APIs: 3, Strings: 19, Instructions: 1039
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00D83880: new.LIBCMT ref: 00D83896

new.LIBCMT ref: 00D98673
new.LIBCMT ref: 00D98686

Strings

Data, xrefs: 00D986AF
Content-Type: application/json, xrefs: 00D9860D
send event succeeded, xrefs: 00D98DFB
curl easy init failed, xrefs: 00D9921B
send event. event name=, xrefs: 00D984BB
installer, xrefs: 00D9845A, 00D988EF, 00D98B9D, 00D98D9A, 00D98F2C, 00D991BA
charsets: utf-8, xrefs: 00D98618
]: , xrefs: 00D984AF, 00D98944, 00D98BF2, 00D98DEF, 00D98F81, 00D9920F
SendEvent, xrefs: 00D9847E, 00D98913, 00D98BC1, 00D98DBE, 00D98F50, 00D991DE
., xrefs: 00D986E1
/v1/event-stat?ProductID=IS&Type=, xrefs: 00D98AA0
Accept: application/json, xrefs: 00D98601
send event failed. curl returned error=, xrefs: 00D98F8D
9, xrefs: 00D992E0
data=, xrefs: 00D98950
url=, xrefs: 00D98BFE
H, xrefs: 00D98770
https://flow.lavasoft.com, xrefs: 00D98A71
. disable stub events=, xrefs: 00D984D4

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID:
String ID: .$. disable stub events=$/v1/event-stat?ProductID=IS&Type=$9$Accept: application/json$Content-Type: application/json$Data$H$SendEvent$]: $charsets: utf-8$curl easy init failed$data=$https://flow.lavasoft.com$installer$send event failed. curl returned error=$send event succeeded$send event. event name=$url=
API String ID: 0-1052238508
Opcode ID: e35fce75a48b43a05188fc40b593bd0007d633d71a0feeaacb0e273a6118df61
Instruction ID: dd730a6e914a594a65bc464c463389c925cbf060d1fcb125aeb55b9bb57ecee9
Opcode Fuzzy Hash: e35fce75a48b43a05188fc40b593bd0007d633d71a0feeaacb0e273a6118df61
Instruction Fuzzy Hash: 1E92AD70E00358DBDF11EBA4C845BEEBBB4AF05B00F144199E9457B282DB74AE49CBB5

Function 00DB97C0 Relevance: 23.5, APIs: 1, Strings: 12, Instructions: 755COMMON

Download Yara Rule

APIs

___from_strstr_to_strchr.LIBCMT ref: 00DB9A2A

Part of subcall function 00DBD340: ___swprintf_l.LIBCMT ref: 00DBD382

Strings

No connections available in cache, xrefs: 00DBA2EE
Re-using existing connection! (#%ld) with %s %s, xrefs: 00DBA170
NTLM picked AND auth done set, clear picked!, xrefs: 00DBA21E
%s://%s, xrefs: 00DB99A6
memory shortage, xrefs: 00DB9AB0
No connections available., xrefs: 00DBA2C7
Found connection %ld, with requests in the pipe (%zu), xrefs: 00DBA09F
NTLM-proxy picked AND auth done set, clear picked!, xrefs: 00DBA24F
We can reuse, but we want a new connection anyway, xrefs: 00DBA0C9
host, xrefs: 00DBA15E
proxy, xrefs: 00DBA164, 00DBA16C
No more connections allowed to host: %d, xrefs: 00DBA2B9

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: ___from_strstr_to_strchr___swprintf_l
String ID: %s://%s$Found connection %ld, with requests in the pipe (%zu)$NTLM picked AND auth done set, clear picked!$NTLM-proxy picked AND auth done set, clear picked!$No connections available in cache$No connections available.$No more connections allowed to host: %d$Re-using existing connection! (#%ld) with %s %s$We can reuse, but we want a new connection anyway$host$memory shortage$proxy
API String ID: 1035537661-616786730
Opcode ID: f87a7315fdbce58ad378bd6e7de18f18d386cf052abbc2ea6d280346d5ee788f
Instruction ID: f203393f84303d1dddc1dae6d85a2f06e44cd0313833012efa59e42ba49c14ed
Opcode Fuzzy Hash: f87a7315fdbce58ad378bd6e7de18f18d386cf052abbc2ea6d280346d5ee788f
Instruction Fuzzy Hash: 0762F570A00781EFDB15DF78C888BEAFBE4BF05304F080169E95A97242D775A954CBB6

Function 00D97460 Relevance: 23.1, APIs: 6, Strings: 7, Instructions: 367
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00D83880: new.LIBCMT ref: 00D83896

CreateProcessW.KERNELBASE(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?), ref: 00D97721
GetLastError.KERNEL32 ref: 00D9772F

Strings

. cmd=, xrefs: 00D975C3
couldn't create process. error=, xrefs: 00D97840
run installer without uac. path=, xrefs: 00D975AD
installer, xrefs: 00D9754C, 00D977DF
D, xrefs: 00D976AC
]: , xrefs: 00D975A1, 00D97834
RunInstallerWithoutUAC, xrefs: 00D97570, 00D97803

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: CreateErrorLastProcess
String ID: . cmd=$D$RunInstallerWithoutUAC$]: $couldn't create process. error=$installer$run installer without uac. path=
API String ID: 2919029540-2793288024
Opcode ID: 06e0acf1ea307151bc4a652fba82026dd8e61c16341a790c4efff31e9f1114d6
Instruction ID: c0bd5b3ce7fd9e479abfe337948c28bb40a4a6e8466942dced9c409ba2c97319
Opcode Fuzzy Hash: 06e0acf1ea307151bc4a652fba82026dd8e61c16341a790c4efff31e9f1114d6
Instruction Fuzzy Hash: 40E1BE70E003189BDF10EB68C805BAEBBB9EF45700F154199E949B7381DB74AE49CBB5

Function 00DBE4A0 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 164
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

getpeername.WS2_32(?,?,?), ref: 00DBE4FE
WSAGetLastError.WS2_32(?,?,?,?,?,?,00000000), ref: 00DBE508

Part of subcall function 00DC9850: GetLastError.KERNEL32(00000010,00000000,?,?,00DBE64F,00000010,00000000,?,?,?,?,?,?,?,?,?), ref: 00DC9856
Part of subcall function 00DC9850: _strncpy.LIBCMT ref: 00DC988A
Part of subcall function 00DC9850: _strrchr.LIBCMT ref: 00DC98DF
Part of subcall function 00DC9850: _strrchr.LIBCMT ref: 00DC98FA
Part of subcall function 00DC9850: GetLastError.KERNEL32(?,?,?,?,00DBE64F,00000010,00000000,?,?,?,?,?,?,?,?,?), ref: 00DC9912
Part of subcall function 00DC9850: SetLastError.KERNEL32(00000000,?,?,?,?,00DBE64F,00000010,00000000,?,?,?,?,?,?,?,?), ref: 00DC991D

Part of subcall function 00DBD340: ___swprintf_l.LIBCMT ref: 00DBD382

getsockname.WS2_32(?,?,00000080), ref: 00DBE567
WSAGetLastError.WS2_32(?,?,?), ref: 00DBE571

Strings

getsockname() failed with errno %d: %s, xrefs: 00DBE582
getpeername() failed with errno %d: %s, xrefs: 00DBE519
ssloc inet_ntop() failed with errno %d: %s, xrefs: 00DBE651
ssrem inet_ntop() failed with errno %d: %s, xrefs: 00DBE5D3

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: ErrorLast$_strrchr$___swprintf_l_strncpygetpeernamegetsockname
String ID: getpeername() failed with errno %d: %s$getsockname() failed with errno %d: %s$ssloc inet_ntop() failed with errno %d: %s$ssrem inet_ntop() failed with errno %d: %s
API String ID: 978289777-670633250
Opcode ID: f0facde5f9b4077670a24c87d3194c759a0136df0da83e2fed1c3e0cee00cb9a
Instruction ID: afb2a01e438e6fdee919bc1afa82f6b83286420f96a4a78fc5b426fdafa97cbe
Opcode Fuzzy Hash: f0facde5f9b4077670a24c87d3194c759a0136df0da83e2fed1c3e0cee00cb9a
Instruction Fuzzy Hash: 8551C8B1A00219AADB10EB65DC45BFAB7ACEF55314F004599FD4EA3102EF3069548BB1

Function 00E81D32 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 171
timeCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetTimeZoneInformation.KERNELBASE(?,00000000,00000000,00000000,?,00EB3258), ref: 00E81D9C
WideCharToMultiByte.KERNEL32(00000000,00000000,Eastern Standard Time,000000FF,00000000,0000003F,00000000,?,?), ref: 00E81E14
WideCharToMultiByte.KERNEL32(00000000,00000000,Eastern Summer Time,000000FF,?,0000003F,00000000,?), ref: 00E81E41
_free.LIBCMT ref: 00E81D8A

Part of subcall function 00E772F5: RtlFreeHeap.NTDLL(00000000,00000000,?,00E8809C,?,00000000,?,00000000,?,00E88340,?,00000007,?,?,00E88729,?), ref: 00E7730B
Part of subcall function 00E772F5: GetLastError.KERNEL32(?,?,00E8809C,?,00000000,?,00000000,?,00E88340,?,00000007,?,?,00E88729,?,?), ref: 00E7731D

_free.LIBCMT ref: 00E81F56

Strings

Eastern Summer Time, xrefs: 00E81E3A
X2, xrefs: 00E81D45, 00E81D4B
X2, xrefs: 00E81EB9
Eastern Standard Time, xrefs: 00E81E0D

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: ByteCharMultiWide_free$ErrorFreeHeapInformationLastTimeZone
String ID: Eastern Standard Time$Eastern Summer Time$X2$X2
API String ID: 1286116820-3748871692
Opcode ID: 93409a849b90bdc7a1ca7c7633568fc1da58c5ae8247f080e0dc0fc481a754ee
Instruction ID: d8239255feb34d61c41162ce9290869d326fa9c8912985b4455a26240ef4d46b
Opcode Fuzzy Hash: 93409a849b90bdc7a1ca7c7633568fc1da58c5ae8247f080e0dc0fc481a754ee
Instruction Fuzzy Hash: 5A51E971900249EFCB10FF6A9C81AE9B7FCEF41314B1056AAF41DB7291E7309E468B50

Function 00D73FA0 Relevance: 14.5, APIs: 1, Strings: 7, Instructions: 493
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CoInitializeEx.OLE32(00000000,00000000,2C690420), ref: 00D73FDF

Part of subcall function 00D77E70: CryptAcquireContextW.ADVAPI32(?,00000000,Microsoft Strong Cryptographic Provider,00000001,F0000000,?,00000000,2C690420,00000000,00000000), ref: 00D77EE4
Part of subcall function 00D77E70: ___std_exception_copy.LIBVCRUNTIME ref: 00D77F78
Part of subcall function 00D77E70: CryptCreateHash.ADVAPI32(?,00008003,00000000,00000000,00000000), ref: 00D77FD0

Strings

DISK >> , xrefs: 00D740E4
WCID >> , xrefs: 00D74178
MAC >> , xrefs: 00D74145
+, xrefs: 00D74730
BASE >> , xrefs: 00D740B6
VIDEO >> , xrefs: 00D74112
BIOS >> , xrefs: 00D74088

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: Crypt$AcquireContextCreateHashInitialize___std_exception_copy
String ID: BASE >> $BIOS >> $DISK >> $MAC >> $VIDEO >> $WCID >> $+
API String ID: 1990730815-3500764484
Opcode ID: a7433245f2cc070136e8ab9e7e210de11bc983f6b5fcf0e7c9e3677bb6d645e5
Instruction ID: 1a860a0439dfce7ce795008c98ed9fe77937b8d967d3513677f4414220fd3d95
Opcode Fuzzy Hash: a7433245f2cc070136e8ab9e7e210de11bc983f6b5fcf0e7c9e3677bb6d645e5
Instruction Fuzzy Hash: CB2256709102589EDB62DB68CC85BDEBBB4FF05308F1081D9E00DA7251EB756E88CFA1

Function 00DBDD30 Relevance: 14.3, APIs: 2, Strings: 6, Instructions: 315
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Connection time-out, xrefs: 00DBDDAE
Connection failed, xrefs: 00DBDEEE
After %ldms connect time, move on!, xrefs: 00DBDE59
L', xrefs: 00DBDE69
Failed to connect to %s port %ld: %s, xrefs: 00DBE0EA
connect to %s port %ld failed: %s, xrefs: 00DBDF4F

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID:
String ID: After %ldms connect time, move on!$Connection failed$Connection time-out$Failed to connect to %s port %ld: %s$L'$connect to %s port %ld failed: %s
API String ID: 0-47163629
Opcode ID: e85c84c60df1a9f2ba572f64397e5b914a6c68fd2c41ba846b4c72ff7edf1c9c
Instruction ID: 092512cb718d7cfc061115284e131bb514eae3d243c6c09b7eb5a0d2e1fcbe5e
Opcode Fuzzy Hash: e85c84c60df1a9f2ba572f64397e5b914a6c68fd2c41ba846b4c72ff7edf1c9c
Instruction Fuzzy Hash: 33C15E70900248EFDF14DFA4D885AED7BB6EF05314F184169F90AAB296EB319855CB31

Function 00D980B0 Relevance: 14.2, APIs: 1, Strings: 7, Instructions: 203
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00D83880: new.LIBCMT ref: 00D83896

MessageBoxW.USER32(00000002,Administrator rights required for this setup,00000002,00000002), ref: 00D98334

Strings

. cmd=, xrefs: 00D98200
RunInstaller, xrefs: 00D981AE
installer, xrefs: 00D9818A
run installer. path=, xrefs: 00D981EB
]: , xrefs: 00D981DF
Administrator rights required for this setup, xrefs: 00D9832E
. uac=, xrefs: 00D98216

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: Message
String ID: . cmd=$. uac=$Administrator rights required for this setup$RunInstaller$]: $installer$run installer. path=
API String ID: 2030045667-2644114103
Opcode ID: 0d3e230d3424a79bab03a752fe57c4053900181aecfefa601f442c904e1cb333
Instruction ID: 6596b39bda0e6300274e6771a587cb2bc58669f976c4a571e74b1018b6faf65b
Opcode Fuzzy Hash: 0d3e230d3424a79bab03a752fe57c4053900181aecfefa601f442c904e1cb333
Instruction Fuzzy Hash: C8718B70E007189BCF14EBA5C845BAEB7B9EF45B10F544119E802BB291DB74AE068BB5

Function 00E7C796 Relevance: 13.8, APIs: 9, Instructions: 300
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bebc7dcd283bc4b64909e7c641aaf384f1f0b9e14f4854b3dcfda57fee2bbd08
Instruction ID: 1a14403612663f306c692bdc418982b379ac2760692062fc801506dcad3fba7c
Opcode Fuzzy Hash: bebc7dcd283bc4b64909e7c641aaf384f1f0b9e14f4854b3dcfda57fee2bbd08
Instruction Fuzzy Hash: 53C11874E082899FDB15CFA8DC41BAD7BF8AF0A314F28A148F509B7392D7349941CB61

Function 00D84450 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 54
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegOpenKeyExW.KERNELBASE(80000002,Software\Microsoft\NET Framework Setup\NDP\v4\Full,00000000,00020019,?), ref: 00D8448D
RegQueryValueExW.KERNELBASE(?,Release,00000000,00000000,00000000,00000004), ref: 00D844AD
RegCloseKey.ADVAPI32(?), ref: 00D844BA
RegCloseKey.ADVAPI32(?), ref: 00D844D1

Strings

O, xrefs: 00D844D7
Software\Microsoft\NET Framework Setup\NDP\v4\Full, xrefs: 00D84473
Release, xrefs: 00D844A5

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: Close$OpenQueryValue
String ID: O$Release$Software\Microsoft\NET Framework Setup\NDP\v4\Full
API String ID: 1607946009-934053027
Opcode ID: 95a6fb35cdf12ad0f8695b06dbfe31dbb951539d7b906a5e3ccdbf519d294a1f
Instruction ID: a6918f86e1576171e67f3ea07a0fa8d5e1cbfb2dcb675afbd82806f5a7adb6e3
Opcode Fuzzy Hash: 95a6fb35cdf12ad0f8695b06dbfe31dbb951539d7b906a5e3ccdbf519d294a1f
Instruction Fuzzy Hash: C31182B1A4020CAFDB00DFA5DC85BFEB7B8EB08305F504459E906B6181EB756A08CB61

Function 00DBCC60 Relevance: 12.3, APIs: 8, Instructions: 296
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

select.WS2_32(?,?,00000000,?,?), ref: 00DBCEC2
WSAGetLastError.WS2_32 ref: 00DBCECD
__WSAFDIsSet.WS2_32(000000FF,?), ref: 00DBCF84
__WSAFDIsSet.WS2_32(000000FF,?), ref: 00DBCF9B
__WSAFDIsSet.WS2_32(00DB56EF,?), ref: 00DBCFB4
__WSAFDIsSet.WS2_32(00DB56EF,?), ref: 00DBCFC8
__WSAFDIsSet.WS2_32(?,00000000), ref: 00DBCFE4
__WSAFDIsSet.WS2_32(?,?), ref: 00DBCFF8

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: ErrorLastselect
String ID:
API String ID: 215497628-0
Opcode ID: 515eeac429c5038d42df6fa7b1a3a65eef6f437a86eb0363f58ab53ce22995a8
Instruction ID: 334a1ffcf0620a5a5657171574e2ec16acae3876444bfb7f70a4104ce426f4fa
Opcode Fuzzy Hash: 515eeac429c5038d42df6fa7b1a3a65eef6f437a86eb0363f58ab53ce22995a8
Instruction Fuzzy Hash: 6AB16171A11219CBCF25DF288C907EDB6B9FF48310F1456BAE86AD6281D770DE818F60

Function 00E4D030 Relevance: 10.9, APIs: 4, Strings: 2, Instructions: 442
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00E4CC80: ___std_exception_copy.LIBVCRUNTIME ref: 00E4CDB4

Part of subcall function 00E3F660: new.LIBCMT ref: 00E3F662

Part of subcall function 00E4E060: new.LIBCMT ref: 00E4E062

Part of subcall function 00E5E6F0: LoadLibraryA.KERNEL32(?), ref: 00E5E70C

___std_exception_copy.LIBVCRUNTIME ref: 00E4D1AC
___std_exception_destroy.LIBVCRUNTIME ref: 00E4D201
__Init_thread_footer.LIBCMT ref: 00E4D4BE
std::_Xinvalid_argument.LIBCPMT ref: 00E4D5C9

Part of subcall function 00DE2308: std::invalid_argument::invalid_argument.LIBCONCRT ref: 00DE2314
Part of subcall function 00DE2308: __CxxThrowException@8.LIBVCRUNTIME ref: 00DE2322

Strings

Unable to open message catalog: , xrefs: 00E4D161
string too long, xrefs: 00E4D5C4

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: ___std_exception_copy$Exception@8Init_thread_footerLibraryLoadThrowXinvalid_argument___std_exception_destroystd::_std::invalid_argument::invalid_argument
String ID: Unable to open message catalog: $string too long
API String ID: 1682877864-52554103
Opcode ID: 5dcdc391120ba8fc6a31f4a54f3a7e975d3becbc76670c7bc82b321506c630e8
Instruction ID: fddb1127c262d10d5cb428532fea8bc8c204924edb1436cb94d3df825a460c8d
Opcode Fuzzy Hash: 5dcdc391120ba8fc6a31f4a54f3a7e975d3becbc76670c7bc82b321506c630e8
Instruction Fuzzy Hash: D8029870904248DFDF14DF68C984BEE7BE5EF08308F109159F859A7292DB74EA48CBA1

Function 00DBEBC0 Relevance: 10.8, APIs: 3, Strings: 3, Instructions: 260COMMON

Download Yara Rule

APIs

Part of subcall function 00DBEB60: htons.WS2_32(?), ref: 00DBEB8D

GetLastError.KERNEL32(?,?,?,?,00000010,000001B8,00000007), ref: 00DBEC3A

Part of subcall function 00DC9850: GetLastError.KERNEL32(00000010,00000000,?,?,00DBE64F,00000010,00000000,?,?,?,?,?,?,?,?,?), ref: 00DC9856
Part of subcall function 00DC9850: _strncpy.LIBCMT ref: 00DC988A
Part of subcall function 00DC9850: _strrchr.LIBCMT ref: 00DC98DF
Part of subcall function 00DC9850: _strrchr.LIBCMT ref: 00DC98FA
Part of subcall function 00DC9850: GetLastError.KERNEL32(?,?,?,?,00DBE64F,00000010,00000000,?,?,?,?,?,?,?,?,?), ref: 00DC9912
Part of subcall function 00DC9850: SetLastError.KERNEL32(00000000,?,?,?,?,00DBE64F,00000010,00000000,?,?,?,?,?,?,?,?), ref: 00DC991D

Part of subcall function 00DBD340: ___swprintf_l.LIBCMT ref: 00DBD382

Part of subcall function 00DBDAD0: closesocket.WS2_32(00DB94A9), ref: 00DBDB08

Strings

Trying %s..., xrefs: 00DBEC82
sa_addr inet_ntop() failed with errno %d: %s, xrefs: 00DBEC51
Immediate connect fail for %s: %s, xrefs: 00DBEE6E

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: ErrorLast$_strrchr$___swprintf_l_strncpyclosesockethtons
String ID: Trying %s...$Immediate connect fail for %s: %s$sa_addr inet_ntop() failed with errno %d: %s
API String ID: 2012154964-3338264681
Opcode ID: 6e80bf6001cb6f3a5ad389c516c8bdd13acaec59da4a64f26a105a50a9f587b2
Instruction ID: 1ccbcb194f9c33294673031f83d7ee276020d2a01448c46c2c8673875d6e3078
Opcode Fuzzy Hash: 6e80bf6001cb6f3a5ad389c516c8bdd13acaec59da4a64f26a105a50a9f587b2
Instruction Fuzzy Hash: 7D818371A01118EBDF20DB69DC85FEEB7A8EF15315F0401EAF90EA7242DA355E448BB1

Function 00D84660 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 118registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNELBASE(80000002,Software\Microsoft\NET Framework Setup\NDP\v3.5,00000000,00020019,?), ref: 00D846B5
RegQueryValueExW.KERNELBASE(?,Version,00000000,?,?,00000104), ref: 00D846E4
RegCloseKey.ADVAPI32(?), ref: 00D846F4
RegCloseKey.ADVAPI32(?), ref: 00D846FF

Strings

Version, xrefs: 00D846D9
Software\Microsoft\NET Framework Setup\NDP\v3.5, xrefs: 00D84699

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: Close$OpenQueryValue
String ID: Software\Microsoft\NET Framework Setup\NDP\v3.5$Version
API String ID: 1607946009-2487358979
Opcode ID: 234390ef8664f678e370874d20303c1eb22319f6237547534f39111f409ae543
Instruction ID: dfd03b809833dbe238cc7c4f9529fa42f408e2bf95915ccd50eb4930dc5cf4c2
Opcode Fuzzy Hash: 234390ef8664f678e370874d20303c1eb22319f6237547534f39111f409ae543
Instruction Fuzzy Hash: 5541C971A4021DABCB20FFA5EC85BEEB3F9EB15311F1005A9E90AE6101D7709E458FB0

Function 00D840C0 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 58registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNELBASE(80000002,Software\Microsoft\NET Framework Setup\NDP\v4\Client,00000000,00020019,?), ref: 00D840FA
RegQueryValueExW.KERNELBASE(?,Install,00000000,00000000,00000000,00000004), ref: 00D8411A
RegCloseKey.ADVAPI32(?), ref: 00D84127
RegCloseKey.ADVAPI32(?), ref: 00D8413D

Strings

Software\Microsoft\NET Framework Setup\NDP\v4\Client, xrefs: 00D840E2, 00D84154
Install, xrefs: 00D84112

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: Close$OpenQueryValue
String ID: Install$Software\Microsoft\NET Framework Setup\NDP\v4\Client
API String ID: 1607946009-4260260141
Opcode ID: 1621385801b067c414dd92f2396c0ea422e0f7c2a83a0e5cb69aee936d879fda
Instruction ID: 5f598258d093c72d1fa7fc56afdede58ba46da9f0deb0083c6dd0ca08c5caf88
Opcode Fuzzy Hash: 1621385801b067c414dd92f2396c0ea422e0f7c2a83a0e5cb69aee936d879fda
Instruction Fuzzy Hash: 271154B0A4020DAFDF10EF91DC4AFEE77B8EB04705F504455E606B61C1EBB56A04DB61

Function 00D84000 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 58registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNELBASE(80000002,Software\Microsoft\NET Framework Setup\NDP\v3.5,00000000,00020019,?), ref: 00D8403A
RegQueryValueExW.KERNELBASE(?,Install,00000000,00000000,00000000,00000004), ref: 00D8405A
RegCloseKey.ADVAPI32(?), ref: 00D84067
RegCloseKey.KERNELBASE(?), ref: 00D8407D

Strings

Install, xrefs: 00D84052
Software\Microsoft\NET Framework Setup\NDP\v3.5, xrefs: 00D84022, 00D84094

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: Close$OpenQueryValue
String ID: Install$Software\Microsoft\NET Framework Setup\NDP\v3.5
API String ID: 1607946009-1679568285
Opcode ID: 0e8ba167ad3f4e22a2597afe11caac3959e04379052ddac1a01ea3e9a82eb001
Instruction ID: 4b825a5a4b10c3b2b05abac24dce349b22320f95f12488aa1af5eb075c7cf955
Opcode Fuzzy Hash: 0e8ba167ad3f4e22a2597afe11caac3959e04379052ddac1a01ea3e9a82eb001
Instruction Fuzzy Hash: 66114F70A4020DAFDF10EF91DD4ABAFB7B8EF05705F114459EA0676181EBB16A08DB61

Function 00D84180 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 58registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNELBASE(80000002,Software\Microsoft\NET Framework Setup\NDP\v4\Full,00000000,00020019,?), ref: 00D841BA
RegQueryValueExW.KERNELBASE(?,Install,00000000,00000000,00000000,00000004), ref: 00D841DA
RegCloseKey.ADVAPI32(?), ref: 00D841E7
RegCloseKey.ADVAPI32(?), ref: 00D841FD

Strings

Install, xrefs: 00D841D2
Software\Microsoft\NET Framework Setup\NDP\v4\Full, xrefs: 00D841A2, 00D84214

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: Close$OpenQueryValue
String ID: Install$Software\Microsoft\NET Framework Setup\NDP\v4\Full
API String ID: 1607946009-105569139
Opcode ID: 320adc096e578bd0d26fd08db879c2dc5cfae06f1ca537d8f17189a702701565
Instruction ID: 45b914813a3c5c2ae35a9c7635835cce57ad35266c2316020e65493a00071e04
Opcode Fuzzy Hash: 320adc096e578bd0d26fd08db879c2dc5cfae06f1ca537d8f17189a702701565
Instruction Fuzzy Hash: C31151B4A4020DAFDF10EF91DC4AFEEB7B8EB04705F504459EA067A1C1EB716A08DB61

Function 00D842F0 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 54registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNELBASE(80000002,Software\Microsoft\NET Framework Setup\NDP\v4\Full,00000000,00020019,?), ref: 00D8432D
RegQueryValueExW.KERNELBASE(?,Release,00000000,00000000,00000000,00000004), ref: 00D8434D
RegCloseKey.ADVAPI32(?), ref: 00D8435A
RegCloseKey.ADVAPI32(?), ref: 00D84371

Strings

Software\Microsoft\NET Framework Setup\NDP\v4\Full, xrefs: 00D84313
Release, xrefs: 00D84345

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: Close$OpenQueryValue
String ID: Release$Software\Microsoft\NET Framework Setup\NDP\v4\Full
API String ID: 1607946009-1522824743
Opcode ID: 9cacca0ebbf5e0214ea0792d74c2e4fb69e62fe39f1bc47e0b6a474a9015f36c
Instruction ID: 8ef7ba0fca11448cd55b41aede9700630c36bb7d1d8da3a8a8cb30cbb8184385
Opcode Fuzzy Hash: 9cacca0ebbf5e0214ea0792d74c2e4fb69e62fe39f1bc47e0b6a474a9015f36c
Instruction Fuzzy Hash: 141182B1A4020DAFDF10DFA5DC85BFEB7B8EB08305F504459E906B6181EB756A08DB61

Function 00D84240 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 54registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNELBASE(80000002,Software\Microsoft\NET Framework Setup\NDP\v4\Full,00000000,00020019,?), ref: 00D8427D
RegQueryValueExW.KERNELBASE(?,Release,00000000,00000000,00000000,00000004), ref: 00D8429D
RegCloseKey.ADVAPI32(?), ref: 00D842AA
RegCloseKey.ADVAPI32(?), ref: 00D842C1

Strings

Software\Microsoft\NET Framework Setup\NDP\v4\Full, xrefs: 00D84263
Release, xrefs: 00D84295

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: Close$OpenQueryValue
String ID: Release$Software\Microsoft\NET Framework Setup\NDP\v4\Full
API String ID: 1607946009-1522824743
Opcode ID: 3ae922d39c49f9769930596f166223af7f2743958259b987129f73480f572a01
Instruction ID: d509294c5e2b0a62ce7f85d577de9dfba1ac34898e59ec873db04c0492c73fc0
Opcode Fuzzy Hash: 3ae922d39c49f9769930596f166223af7f2743958259b987129f73480f572a01
Instruction Fuzzy Hash: 49118EB1A4020CAFDB00DFA5DC85BFEB7B8EB08305F51445AF906B6181EB756A08CB65

Function 00D843A0 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 54registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNELBASE(80000002,Software\Microsoft\NET Framework Setup\NDP\v4\Full,00000000,00020019,?), ref: 00D843DD
RegQueryValueExW.KERNELBASE(?,Release,00000000,00000000,00000000,00000004), ref: 00D843FD
RegCloseKey.ADVAPI32(?), ref: 00D8440A
RegCloseKey.ADVAPI32(?), ref: 00D84421

Strings

Software\Microsoft\NET Framework Setup\NDP\v4\Full, xrefs: 00D843C3
Release, xrefs: 00D843F5

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: Close$OpenQueryValue
String ID: Release$Software\Microsoft\NET Framework Setup\NDP\v4\Full
API String ID: 1607946009-1522824743
Opcode ID: d1c8868ee5a323cc3d508bb6e98a504769928df71841b8c19e55a17361033b64
Instruction ID: 566d44e2fa6011a0a3f6da6a23d334389da344fc9935ffeb8c16b9d29adb3906
Opcode Fuzzy Hash: d1c8868ee5a323cc3d508bb6e98a504769928df71841b8c19e55a17361033b64
Instruction Fuzzy Hash: B2118EB1A4020CAFDB00DFA5DC85BFEB7B8EB08305F50445AE906B6181EB756A08CB61

Function 00D845B0 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 54registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNELBASE(80000002,Software\Microsoft\NET Framework Setup\NDP\v4\Full,00000000,00020019,?), ref: 00D845ED
RegQueryValueExW.KERNELBASE(?,Release,00000000,00000000,00000000,00000004), ref: 00D8460D
RegCloseKey.ADVAPI32(?), ref: 00D8461A
RegCloseKey.ADVAPI32(?), ref: 00D84631

Strings

Software\Microsoft\NET Framework Setup\NDP\v4\Full, xrefs: 00D845D3
Release, xrefs: 00D84605

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: Close$OpenQueryValue
String ID: Release$Software\Microsoft\NET Framework Setup\NDP\v4\Full
API String ID: 1607946009-1522824743
Opcode ID: c476f729d8d111db4de92c4785dbe39b776e4e5a840f569d86b9cfe2fc728b29
Instruction ID: b02085b747d9ca95f61536b15cbb99f40cddd9a6e4f8fd2cf0f4afe97b8f959d
Opcode Fuzzy Hash: c476f729d8d111db4de92c4785dbe39b776e4e5a840f569d86b9cfe2fc728b29
Instruction Fuzzy Hash: 5D1182B1A4020DAFDB00DFA5DC95BFEB7B8EB09305F504459E506B6181EB756A08CB61

Function 00D84500 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 54registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNELBASE(80000002,Software\Microsoft\NET Framework Setup\NDP\v4\Full,00000000,00020019,?), ref: 00D8453D
RegQueryValueExW.KERNELBASE(?,Release,00000000,00000000,00000000,00000004), ref: 00D8455D
RegCloseKey.ADVAPI32(?), ref: 00D8456A
RegCloseKey.ADVAPI32(?), ref: 00D84581

Strings

Software\Microsoft\NET Framework Setup\NDP\v4\Full, xrefs: 00D84523
Release, xrefs: 00D84555

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: Close$OpenQueryValue
String ID: Release$Software\Microsoft\NET Framework Setup\NDP\v4\Full
API String ID: 1607946009-1522824743
Opcode ID: a08c33cb11330fba880563ef14ca74f938808f4ea9d660a5355774fb41ad096a
Instruction ID: ccb9b7a53885d3a7fab23c0ecba2b61315965d05a0e5c4b765dc3b2fda94918e
Opcode Fuzzy Hash: a08c33cb11330fba880563ef14ca74f938808f4ea9d660a5355774fb41ad096a
Instruction Fuzzy Hash: 2E11A5B1A4020CAFDF10DFA5DC85BFEB7BCEB08305F504499E506B6181EB756A08CB61

Function 00E6D6F2 Relevance: 9.3, APIs: 6, Instructions: 284COMMON

Download Yara Rule

APIs

__allrem.LIBCMT ref: 00E6D87F
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00E6D89B
__allrem.LIBCMT ref: 00E6D8B2
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00E6D8D0
__allrem.LIBCMT ref: 00E6D8E7
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00E6D905

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
String ID:
API String ID: 1992179935-0
Opcode ID: 751f8abe2008aafb220b056cd60e34a4dd8e55c36b13598ae224ddcb7106dd44
Instruction ID: 6f8c0c9509f3c600206537075a211386aea332d0c7e4e6b4c8b0028549b8aa50
Opcode Fuzzy Hash: 751f8abe2008aafb220b056cd60e34a4dd8e55c36b13598ae224ddcb7106dd44
Instruction Fuzzy Hash: 66813972F887059BD724AA79EC42B6A73E8EF503A4F64612AF515F7281EB70ED008750

Function 00DB49B0 Relevance: 9.1, APIs: 6, Instructions: 65networkCOMMON

Download Yara Rule

APIs

___swprintf_l.LIBCMT ref: 00DB49DA

Part of subcall function 00DC94B0: getaddrinfo.WS2_32(?,00000000,?,?), ref: 00DC94CE
Part of subcall function 00DC94B0: freeaddrinfo.WS2_32(?,?), ref: 00DC95BF

WSAGetLastError.WS2_32 ref: 00DB4A02
WSAGetLastError.WS2_32 ref: 00DB4A08
EnterCriticalSection.KERNEL32(?), ref: 00DB4A1E
LeaveCriticalSection.KERNEL32(?), ref: 00DB4A2C
LeaveCriticalSection.KERNEL32(?), ref: 00DB4A4B

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: CriticalSection$ErrorLastLeave$Enter___swprintf_lfreeaddrinfogetaddrinfo
String ID:
API String ID: 2327269287-0
Opcode ID: 3e8658ca3091cc9f0d2392cde0a27fecc28a460e326417950cff622b75fa5549
Instruction ID: e16660fb7f1ecc2355ccf3aaea68cdc28d798908d484eeaf6406e5777f383049
Opcode Fuzzy Hash: 3e8658ca3091cc9f0d2392cde0a27fecc28a460e326417950cff622b75fa5549
Instruction Fuzzy Hash: 07116D71500209DFC720DFA5DD85FABB7F8EF49300F14492AE546A3212DB31A9088B75

Function 00DB4590 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 122COMMON

Download Yara Rule

APIs

Part of subcall function 00DC7DE0: SetLastError.KERNEL32(0000273F,?,00DB41D2,00000002,00DB300A,?), ref: 00DC7DEE

___swprintf_l.LIBCMT ref: 00DB4612

Strings

getaddrinfo() failed for %s:%d; %s, xrefs: 00DB468A
init_resolve_thread() failed for %s; %s, xrefs: 00DB4655

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: ErrorLast___swprintf_l
String ID: getaddrinfo() failed for %s:%d; %s$init_resolve_thread() failed for %s; %s
API String ID: 2990598187-1389973398
Opcode ID: 6966d1dee70d4aebd3b18d068e264350d0599bcdac6125c62c4b99316f62712c
Instruction ID: ee849f59f71e4d5da49c884ad74e7477b6bd00f0817b67fad796c47c8717ec48
Opcode Fuzzy Hash: 6966d1dee70d4aebd3b18d068e264350d0599bcdac6125c62c4b99316f62712c
Instruction Fuzzy Hash: 5E315372A00109ABDB00EFA5DC86EFFB7BCEF49315F50416AF909E7142EA31691587B1

Function 00D7DB70 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 232COMMON

Download Yara Rule

Strings

string too long, xrefs: 00D7DD80, 00D7DD8A
invalid string position, xrefs: 00D7DD76

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID:
String ID: invalid string position$string too long
API String ID: 0-4289949731
Opcode ID: 475a0139abd74fa0af05ac189897fdeb0e3079882eda1c7eda298a900218c54a
Instruction ID: 0572e8e9ee5157c35d69a5ab11cedd7d28226d7811a7ec6c499bcb8e54bf5c30
Opcode Fuzzy Hash: 475a0139abd74fa0af05ac189897fdeb0e3079882eda1c7eda298a900218c54a
Instruction Fuzzy Hash: 567170317042099BCB24DF5CD8809AAB7FBFF88311724896EE95AC7250E771E910CBB4

Function 00D99910 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 213COMMON

Download Yara Rule

APIs

Part of subcall function 00DAF7F0: GetModuleFileNameW.KERNEL32(00000000,?,00000104,?,2C690420), ref: 00DAF852
Part of subcall function 00DAF7F0: GetLastError.KERNEL32(00000003,00000001,?,?,?,?,2C690420), ref: 00DAF88B
Part of subcall function 00DAF7F0: ___std_exception_copy.LIBVCRUNTIME ref: 00DAF8F7

std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00D99C59

Strings

BundleConfig.<xmlattr>.BundleId, xrefs: 00D99AB5
BundleConfig.xml, xrefs: 00D9994A
., xrefs: 00D99AED

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: ErrorFileIos_base_dtorLastModuleName___std_exception_copystd::ios_base::_
String ID: .$BundleConfig.<xmlattr>.BundleId$BundleConfig.xml
API String ID: 2185223521-2168995269
Opcode ID: 20b1b8c96692cae4e6b689c3fd23e8d1ad9e30bbdd23a08736976ebd9f06f0cc
Instruction ID: 22c520db9e1788e28233dfa8264ba4b5b66f79a63d9d5e219845623457fab5be
Opcode Fuzzy Hash: 20b1b8c96692cae4e6b689c3fd23e8d1ad9e30bbdd23a08736976ebd9f06f0cc
Instruction Fuzzy Hash: D5A136B08002589BDF65DB58CC95BEEBBB4EF18304F1041D9E549A7281EB746AC8CFA1

Function 00E81E8D Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 80COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 00E81F00
_free.LIBCMT ref: 00E81F56

Part of subcall function 00E81D32: _free.LIBCMT ref: 00E81D8A
Part of subcall function 00E81D32: GetTimeZoneInformation.KERNELBASE(?,00000000,00000000,00000000,?,00EB3258), ref: 00E81D9C
Part of subcall function 00E81D32: WideCharToMultiByte.KERNEL32(00000000,00000000,Eastern Standard Time,000000FF,00000000,0000003F,00000000,?,?), ref: 00E81E14
Part of subcall function 00E81D32: WideCharToMultiByte.KERNEL32(00000000,00000000,Eastern Summer Time,000000FF,?,0000003F,00000000,?), ref: 00E81E41

Strings

X2, xrefs: 00E81EB9

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: _free$ByteCharMultiWide$InformationTimeZone
String ID: X2
API String ID: 314583886-3763382758
Opcode ID: 6b676eb0d069e12eaae4f351131934350a7f6b8e7fa43575468ef6a6693421b2
Instruction ID: d2ac74e772b746702985495f35dc9cb558ed7f0de56ce6c32b6169209dd291c1
Opcode Fuzzy Hash: 6b676eb0d069e12eaae4f351131934350a7f6b8e7fa43575468ef6a6693421b2
Instruction Fuzzy Hash: 73212972A041589BCB30B7759C41FEA77BCDF81324F2012D5F9ACB6191EB705E868B91

Function 00E7D4FB Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 61COMMON

Download Yara Rule

APIs

FindCloseChangeNotification.KERNELBASE(00000000,00000000,00DE309B,?,00E7D419,00DE309B,00EDD620,0000000C), ref: 00E7D551
GetLastError.KERNEL32(?,00E7D419,00DE309B,00EDD620,0000000C), ref: 00E7D55B
__dosmaperr.LIBCMT ref: 00E7D586

Strings

@tt, xrefs: 00E7D515

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: ChangeCloseErrorFindLastNotification__dosmaperr
String ID: @tt
API String ID: 490808831-2480954629
Opcode ID: 6eee664d6cd799d248075792203a1e0f0d110377967bb5cbb6ab8f21c5808333
Instruction ID: 90e2da91de20b356f0e3237995844d5596ce2d05318cb55056ff11d1564bc232
Opcode Fuzzy Hash: 6eee664d6cd799d248075792203a1e0f0d110377967bb5cbb6ab8f21c5808333
Instruction Fuzzy Hash: 11014C32A0C2109FD62566346C85BBE27EB4F82B3CF256159F90CBB1D2DA60D84142D0

Function 00E1CAF0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 42memoryCOMMON

Download Yara Rule

APIs

TlsAlloc.KERNEL32(00000000,00E088DE,00000000), ref: 00E1CAF3
TlsFree.KERNELBASE(?,2C690420,00000000,00E8D640,000000FF,?,libs\log\src\thread_specific.cpp,00000029,TLS capacity depleted,0000000C), ref: 00E1CB44

Strings

libs\log\src\thread_specific.cpp, xrefs: 00E1CB0D
TLS capacity depleted, xrefs: 00E1CB06

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: AllocFree
String ID: TLS capacity depleted$libs\log\src\thread_specific.cpp
API String ID: 265982327-1379514790
Opcode ID: a1d11d97368bd0e31a87524fb94f79aabac66d55f8969386357d1c0651dd9f01
Instruction ID: e19ba1ed1d752a2c869b5f0bf7a417f827dacbdb8de1b3e6f4b15be8abe6112a
Opcode Fuzzy Hash: a1d11d97368bd0e31a87524fb94f79aabac66d55f8969386357d1c0651dd9f01
Instruction Fuzzy Hash: ACF05431648754AFD7119F68EC05F95B7A8EB0EB20F104769F816F7AD0D77568048690

Function 00DBE350 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 37networkCOMMON

Download Yara Rule

APIs

setsockopt.WS2_32(?,00000006,00000001,?,00000004), ref: 00DBE36E
WSAGetLastError.WS2_32(?,00DBECCE,?,?), ref: 00DBE378

Part of subcall function 00DC9850: GetLastError.KERNEL32(00000010,00000000,?,?,00DBE64F,00000010,00000000,?,?,?,?,?,?,?,?,?), ref: 00DC9856
Part of subcall function 00DC9850: _strncpy.LIBCMT ref: 00DC988A
Part of subcall function 00DC9850: _strrchr.LIBCMT ref: 00DC98DF
Part of subcall function 00DC9850: _strrchr.LIBCMT ref: 00DC98FA
Part of subcall function 00DC9850: GetLastError.KERNEL32(?,?,?,?,00DBE64F,00000010,00000000,?,?,?,?,?,?,?,?,?), ref: 00DC9912
Part of subcall function 00DC9850: SetLastError.KERNEL32(00000000,?,?,?,?,00DBE64F,00000010,00000000,?,?,?,?,?,?,?,?), ref: 00DC991D

Strings

Could not set TCP_NODELAY: %s, xrefs: 00DBE386
TCP_NODELAY set, xrefs: 00DBE398

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: ErrorLast$_strrchr$_strncpysetsockopt
String ID: Could not set TCP_NODELAY: %s$TCP_NODELAY set
API String ID: 4037253127-1562148346
Opcode ID: 267e0d3e5e87393d22b408bd7b7ae3e7604686b41f79e8db2b75648e8297f3fb
Instruction ID: 076014270b02204127d9c3736c1962aa00ba1bb1edbf405325bddcf12d3a902c
Opcode Fuzzy Hash: 267e0d3e5e87393d22b408bd7b7ae3e7604686b41f79e8db2b75648e8297f3fb
Instruction Fuzzy Hash: E8F08276240218BFEA002A45EC46FEE7B5CDF867A9F004061FE0EAA192E771755546F1

Function 00D7B830 Relevance: 6.1, APIs: 4, Instructions: 118COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 00D7B8B4

Part of subcall function 00DFBF2B: __CxxThrowException@8.LIBVCRUNTIME ref: 00DFBF42

Concurrency::cancel_current_task.LIBCPMT ref: 00D7B8C9
new.LIBCMT ref: 00D7B8CF
new.LIBCMT ref: 00D7B8E3

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: Concurrency::cancel_current_task$Exception@8Throw
String ID:
API String ID: 3339364867-0
Opcode ID: 2a6d6b012cfbb29358c5cb0e640bfdea6e79cb6c30f9575d61b4124c90d4fd45
Instruction ID: 21c0d09065cd83f018bafc3e03b58145b5cbddc1b143b1ba9070feb4a7d7fe4d
Opcode Fuzzy Hash: 2a6d6b012cfbb29358c5cb0e640bfdea6e79cb6c30f9575d61b4124c90d4fd45
Instruction Fuzzy Hash: EC41A771A00604DBC724DF28D88572AB7E9EB44760F148A2FE56AD7790F730E904CBB1

Function 00D73620 Relevance: 6.1, APIs: 4, Instructions: 53memoryCOMMON

Download Yara Rule

APIs

new.LIBCMT ref: 00D73649
SysAllocString.OLEAUT32 ref: 00D73680
_com_issue_error.COMSUPP ref: 00D73696
_com_issue_error.COMSUPP ref: 00D736AF

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: _com_issue_error$AllocString
String ID:
API String ID: 245909816-0
Opcode ID: d6db2202911db34808f1e9f3726d7594c66cd88f7dfa0e8fb077e9d3ff3d6167
Instruction ID: 42f4a4e8a2d5331ecb74976624dd6d169e9e32eb1513bed16b63afbe2a1e2658
Opcode Fuzzy Hash: d6db2202911db34808f1e9f3726d7594c66cd88f7dfa0e8fb077e9d3ff3d6167
Instruction Fuzzy Hash: D311C671800759EBD7218F55C805B5AF7E4EF40720F10C32EF918AB780E7B59940CBA0

Function 00E826EE Relevance: 6.1, APIs: 4, Instructions: 52libraryCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryExW.KERNELBASE(00000000,00000000,00000800,?,00000000,00000000,?,00E82695,?,00000000,00000000,00000000,?,00E829C1,00000006,FlsSetValue), ref: 00E82720
GetLastError.KERNEL32(?,00E82695,?,00000000,00000000,00000000,?,00E829C1,00000006,FlsSetValue,00EB3750,00EB3758,00000000,00000364,?,00E800D2), ref: 00E8272C
LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,00E82695,?,00000000,00000000,00000000,?,00E829C1,00000006,FlsSetValue,00EB3750,00EB3758,00000000), ref: 00E8273A

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: LibraryLoad$ErrorLast
String ID:
API String ID: 3177248105-0
Opcode ID: 8eee97dcd02107722614b73d27d4234de9a9171617dea16c55eb99631bb36689
Instruction ID: 42d0e800c9a8ba05f9d8bb0b4ac9291c160ed864cd3b00259b03217368f2c301
Opcode Fuzzy Hash: 8eee97dcd02107722614b73d27d4234de9a9171617dea16c55eb99631bb36689
Instruction Fuzzy Hash: 2A012032605222AFC7315B7B9D84A977798AF057A47105525FB0DF7150D731DC05C7D0

Function 00E5E870 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 184COMMON

Download Yara Rule

APIs

LCMapStringW.KERNELBASE(00000000,00000400,00000000,?,00000000,00000000,2C690420), ref: 00E5E8C5
LCMapStringW.KERNEL32(00000000,00000400,00000000,?,00000000,?,00000001,00000000), ref: 00E5E934

Strings

invalid string position, xrefs: 00E5EA06

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: String
String ID: invalid string position
API String ID: 2568140703-1799206989
Opcode ID: c580ee9af65b0bd43807bf0671907b45b96082dd6c5672e6bad1efa156fd0d1d
Instruction ID: c31c91dd6ad81a05f25c13739b3863f29846568742a8e82f28b1765ff55b5e4a
Opcode Fuzzy Hash: c580ee9af65b0bd43807bf0671907b45b96082dd6c5672e6bad1efa156fd0d1d
Instruction Fuzzy Hash: A2716C70A00248DFDB14CFA8C885BAEBBF5FF48705F14591DE806B7281D7746A49CBA5

Function 00D7A040 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 121COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 00D7A155

Strings

string too long, xrefs: 00D7A150
invalid string position, xrefs: 00D7A13C, 00D7A146

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: Xinvalid_argumentstd::_
String ID: invalid string position$string too long
API String ID: 909987262-4289949731
Opcode ID: c834c0a8623f85f1c88e68c17a17aa8ee8dc9ecb17884aecc8a03c5168b55b36
Instruction ID: 0f0134c24b12f3a1626db0840bbaa6ecec02627be75754a30d9c2c816ad9cab0
Opcode Fuzzy Hash: c834c0a8623f85f1c88e68c17a17aa8ee8dc9ecb17884aecc8a03c5168b55b36
Instruction Fuzzy Hash: 5E319E323043149B8724AF6CE88086FF3E9EFD4B11750892FE55AC7614EB71981487B6

Function 00E7A084 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 116COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 00E7A15A

Strings

#e, xrefs: 00E7A0B3, 00E7A159
#e, xrefs: 00E7A086

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: _free
String ID: #e$#e
API String ID: 269201875-2321271873
Opcode ID: a7c61baf658959a49cb1340a62cb3b51ea2d7278bd0ad90be4c5811f1403e1db
Instruction ID: 6776d5d51c107900efbea1cb5c29b6a6de1b5f8c86ecdf20f8ed76eeab843827
Opcode Fuzzy Hash: a7c61baf658959a49cb1340a62cb3b51ea2d7278bd0ad90be4c5811f1403e1db
Instruction Fuzzy Hash: 99418F72A006148FDB18CF69C8C096DB7B1EB8D320B15C5AAE519EB3A0DB70AC45CB51

Function 00DBD6C0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 52networkCOMMON

Download Yara Rule

APIs

send.WS2_32(?,?,?,00000000), ref: 00DBD6E6
WSAGetLastError.WS2_32(?,?,?,?,?,?,?,?), ref: 00DBD6FC

Strings

Send failure: %s, xrefs: 00DBD724

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: ErrorLastsend
String ID: Send failure: %s
API String ID: 1802528911-857917747
Opcode ID: 857424e7a132beb97c21d7dbe04e1f13546b8f9c7837ae78dc078949303c807c
Instruction ID: 21a4034ff1c1b396ac18cb3ca207e6395dbb185012ddbf3c6a9f6234319f4c2f
Opcode Fuzzy Hash: 857424e7a132beb97c21d7dbe04e1f13546b8f9c7837ae78dc078949303c807c
Instruction Fuzzy Hash: FB01F176600205AFEB019F5CEC85ADABBA8EF4A330F100072F90997261D771AC208BF0

Function 00E7D1C6 Relevance: 4.7, APIs: 3, Instructions: 186COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 86fe5099d46de526de177bfd64ac816ec8b92c7be81a5f444352b627e2ab115f
Instruction ID: 16573af7d031d748541ea1ad821cfd88be21b24e087d3732ed7e960c3168ee6d
Opcode Fuzzy Hash: 86fe5099d46de526de177bfd64ac816ec8b92c7be81a5f444352b627e2ab115f
Instruction Fuzzy Hash: 5151D271E0C249ABCB11DFA9DC45FEE7BB8AF4A314F14A059F408B72A2D7749902C761

Function 00DC94B0 Relevance: 4.6, APIs: 3, Instructions: 126networkCOMMON

Download Yara Rule

APIs

getaddrinfo.WS2_32(?,00000000,?,?), ref: 00DC94CE
freeaddrinfo.WS2_32(?,?), ref: 00DC95BF
WSASetLastError.WS2_32(00002AF9,?), ref: 00DC961D

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: ErrorLastfreeaddrinfogetaddrinfo
String ID:
API String ID: 1817844550-0
Opcode ID: 4ff1221a0de053f3ad18887398ff76e1109514b9e185111b5710782111a91e7b
Instruction ID: f20d624170eb880859f61d8947e3afb234d083679164c20e1b107afde408a95c
Opcode Fuzzy Hash: 4ff1221a0de053f3ad18887398ff76e1109514b9e185111b5710782111a91e7b
Instruction Fuzzy Hash: A841BDB0A007069FDB21CF6AD888B5AFBB5FF44310F18452DE849D7250DB71EA59CBA1

Function 00DA3D00 Relevance: 4.6, APIs: 3, Instructions: 86COMMON

Download Yara Rule

APIs

new.LIBCMT ref: 00DA3D28
Concurrency::cancel_current_task.LIBCPMT ref: 00DA3DAE

Part of subcall function 00DFBF2B: __CxxThrowException@8.LIBVCRUNTIME ref: 00DFBF42

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: Concurrency::cancel_current_taskException@8Throw
String ID:
API String ID: 3598223435-0
Opcode ID: ebbfc8daf63ad8d3991004c7033a6fb5daca0d4a04bb667da8b401d940cb817d
Instruction ID: 92eb1719fa35ed800df88badcde371bd97e6829b742e46cc8c801ed36f151c5b
Opcode Fuzzy Hash: ebbfc8daf63ad8d3991004c7033a6fb5daca0d4a04bb667da8b401d940cb817d
Instruction Fuzzy Hash: C321D472A00014EFDF04EF6CE891A7DB7AADF463507154539F809DB206E621EE4486F1

Function 00D99600 Relevance: 4.6, APIs: 3, Instructions: 78COMMON

Download Yara Rule

APIs

UuidCreate.RPCRT4(00000000), ref: 00D9968C
UuidToStringA.RPCRT4(00000000,?), ref: 00D996A1
RpcStringFreeA.RPCRT4(00000000), ref: 00D996D6

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: StringUuid$CreateFree
String ID:
API String ID: 3044360575-0
Opcode ID: 940029cb907e92b06b62abf7cfc5d6dd35bc8e798acc74652bfa5ce01a11e6ae
Instruction ID: 07aafdba55a75c4cd8d45bf8a271718ee4a461e7dac2100359014ad7656609c5
Opcode Fuzzy Hash: 940029cb907e92b06b62abf7cfc5d6dd35bc8e798acc74652bfa5ce01a11e6ae
Instruction Fuzzy Hash: A6316DB09043489FDF10CFA9D918BAEBBF8EB49704F10465EE406A7641D7B569088BB0

Function 00E74D44 Relevance: 4.6, APIs: 3, Instructions: 54threadCOMMON

Download Yara Rule

APIs

CreateThread.KERNELBASE(2C690420,00D73CDE,Function_00104BF0,00000000,?,2C690420), ref: 00E74D8D
GetLastError.KERNEL32(?,?,?,?,?,00DF9DAB,00000000,00000000,00DF9FC0,?,00000004,?), ref: 00E74D99
__dosmaperr.LIBCMT ref: 00E74DA0

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: CreateErrorLastThread__dosmaperr
String ID:
API String ID: 2744730728-0
Opcode ID: d4893e89cbf98067c65a5283441031958b3e651f2272db891c603cdf9617bfb3
Instruction ID: 54b825b1ccba1f10a6338f1bb5251aef8600654df416db32a56541b3a9dd6fcd
Opcode Fuzzy Hash: d4893e89cbf98067c65a5283441031958b3e651f2272db891c603cdf9617bfb3
Instruction Fuzzy Hash: 8E01D2B3505219AFCB219FA1EC04DEF7BA9EF85360F015124FA08B2190DB318C11C7A0

Function 00E74EDC Relevance: 4.6, APIs: 3, Instructions: 50COMMONLIBRARYCODE

Download Yara Rule

APIs

SetFilePointerEx.KERNELBASE(00000000,?,?,?,?,?,?,?,?,?,00E74E89,?,?,?,?), ref: 00E74F15
GetLastError.KERNEL32(?,?,?,?,00E74E89,?,?,?,?,?,?,?,?,?,00EDD458,0000001C), ref: 00E74F1F
__dosmaperr.LIBCMT ref: 00E74F26

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: ErrorFileLastPointer__dosmaperr
String ID:
API String ID: 2336955059-0
Opcode ID: fcfe925e5d864cc8b9d8e0263fa2bde7fd1145d86e17a7d48106eb8e51d81038
Instruction ID: 41080ff2d840a34f45499426305cf9129a64b5d9e05d61f04b20a3a5d32a410c
Opcode Fuzzy Hash: fcfe925e5d864cc8b9d8e0263fa2bde7fd1145d86e17a7d48106eb8e51d81038
Instruction Fuzzy Hash: AC014073B145146FCB099F59EC059AE7769DBC5334B242244F819B71D0FB71ED018790

Function 00DBF090 Relevance: 4.5, APIs: 3, Instructions: 36networkCOMMON

Download Yara Rule

APIs

SleepEx.KERNELBASE(00000000,00000000), ref: 00DBF0A8
getsockopt.WS2_32(00000004,0000FFFF,00001007,00000000,00000004), ref: 00DBF0C3
WSAGetLastError.WS2_32 ref: 00DBF0CD

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: ErrorLastSleepgetsockopt
String ID:
API String ID: 3033474312-0
Opcode ID: 4cf28c81a8dc3862894f86b97811dfe13df7dfbebdd250e821762b4f6dd538ab
Instruction ID: e65586fa3b1db109a5bce1397230afc5ea10c242fbdb20c8cc0e9b7ca0713d2c
Opcode Fuzzy Hash: 4cf28c81a8dc3862894f86b97811dfe13df7dfbebdd250e821762b4f6dd538ab
Instruction Fuzzy Hash: A9F09630604209EFDB10AF55DC49BFE7BBCAB01741F248075E946AA1A1DB71EA089B70

Function 00E74CA4 Relevance: 4.5, APIs: 3, Instructions: 31threadCOMMON

Download Yara Rule

APIs

Part of subcall function 00E80084: GetLastError.KERNEL32(?,?,?,00E6DA2C,00E75FA2,?,00E8002E,00000001,00000364,?,00E74C15,00EDD438,00000010), ref: 00E80089
Part of subcall function 00E80084: _free.LIBCMT ref: 00E800BE
Part of subcall function 00E80084: SetLastError.KERNEL32(00000000), ref: 00E800F2

ExitThread.KERNEL32 ref: 00E74CB6
CloseHandle.KERNEL32(?,?,?,00E74DD6,?,?,00E74C4D,00000000), ref: 00E74CDE
FreeLibraryAndExitThread.KERNELBASE(?,?,?,?,00E74DD6,?,?,00E74C4D,00000000), ref: 00E74CF4

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: ErrorExitLastThread$CloseFreeHandleLibrary_free
String ID:
API String ID: 1198197534-0
Opcode ID: 259298990fee64be0e0ee7a67190e69718aed72f8e2d07558a204cb050480442
Instruction ID: 2407902ec3e2af340bc360b9948a21b77dc28fcdb591529127f38ffd76335e8f
Opcode Fuzzy Hash: 259298990fee64be0e0ee7a67190e69718aed72f8e2d07558a204cb050480442
Instruction Fuzzy Hash: B8F08970102A04ABEB236B35CD08A56BAD86F05368F189B14FC2CF65F1D730EC45C650

Function 00DF3ACF Relevance: 4.5, APIs: 3, Instructions: 17COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3_catch.LIBCMT ref: 00DF3AD6
_Getvals.LIBCPMT ref: 00DF3AF2

Part of subcall function 00DF24C0: __Getcvt.LIBCPMT ref: 00DF24D2
Part of subcall function 00DF24C0: std::_Locinfo::_Getdays.LIBCPMT ref: 00DF24EB
Part of subcall function 00DF24C0: std::_Locinfo::_Getmonths.LIBCPMT ref: 00DF2504

__Getdateorder.LIBCPMT ref: 00DF3AF7

Part of subcall function 00DF5BA6: ___crtGetLocaleInfoEx.LIBCPMT ref: 00DF5BC2

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: Locinfo::_std::_$GetcvtGetdateorderGetdaysGetmonthsGetvalsH_prolog3_catchInfoLocale___crt
String ID:
API String ID: 4028787925-0
Opcode ID: 49ee3e8d47b39599553d93a23a9000777554e661078618ea9706cc86f3b54d38
Instruction ID: a6dd4584cf065126c81b34aff0b82e73bdf2f779e6487f62a20b9d4c77344009
Opcode Fuzzy Hash: 49ee3e8d47b39599553d93a23a9000777554e661078618ea9706cc86f3b54d38
Instruction Fuzzy Hash: 0FE0BFB0C017089FCB60EF78850162A7AE0EF04760741C92EA549DB601DB7496008B71

Function 00DAAA80 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 129COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 00DAAB3A

Strings

vector<T> too long, xrefs: 00DAAB35

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: Xinvalid_argumentstd::_
String ID: vector<T> too long
API String ID: 909987262-3788999226
Opcode ID: b4c7388d6a68406cb81ca174584ac1abd2c4895ba6bf7dba1c62a6c5ea42f4b9
Instruction ID: d406ae95a64767140dd8810767eed3d15479befccb8efa54257deebf0914329c
Opcode Fuzzy Hash: b4c7388d6a68406cb81ca174584ac1abd2c4895ba6bf7dba1c62a6c5ea42f4b9
Instruction Fuzzy Hash: 0141CD707042499FDB15CF2DC490AAABBA6FF46310F28C269E8558B391D774DD81CBB1

Function 00DBDC10 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 102COMMON

Download Yara Rule

APIs

Part of subcall function 00DB4550: GetTickCount.KERNEL32 ref: 00DB4551

__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00DBDCC4

Strings

Connection time-out, xrefs: 00DBDC52

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: CountTickUnothrow_t@std@@@__ehfuncinfo$??2@
String ID: Connection time-out
API String ID: 2079752757-165637984
Opcode ID: e3c3b71851798100b55d6f8d5a3665b5be2121f38673dc746f922ee4c4f741a1
Instruction ID: 078db7646543f4c2568191d0aaf4d1b210971aa140e70530d28807f6f3a2cddf
Opcode Fuzzy Hash: e3c3b71851798100b55d6f8d5a3665b5be2121f38673dc746f922ee4c4f741a1
Instruction Fuzzy Hash: B431BC71B01606EFDB14DF68D841BEABBE4FF48324F144279E9599B381E771A9108BE0

Function 00DA5140 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 98COMMON

Download Yara Rule

APIs

__CxxThrowException@8.LIBVCRUNTIME ref: 00DA5258

Strings

D, xrefs: 00DA5251

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: Exception@8Throw
String ID: D
API String ID: 2005118841-3280389146
Opcode ID: 3b3460be982532895b3e5fe8566b84260756a18774fd927add42f190e352754f
Instruction ID: aa3959b86897f46024edf72810a387a8964a779d0eafa21de82db231b5bafd65
Opcode Fuzzy Hash: 3b3460be982532895b3e5fe8566b84260756a18774fd927add42f190e352754f
Instruction Fuzzy Hash: AC41C2B0E05B089FDF28CF64D0547BABBF0AF16304F28869ED4469B391D770A945CB90

Function 00D8A490 Relevance: 3.1, APIs: 2, Instructions: 81threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00D8A4D0
SetEvent.KERNEL32(00000000,?,00000000,?), ref: 00D8A54C

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: CurrentEventThread
String ID:
API String ID: 2592414440-0
Opcode ID: 6bf19ca432e81964afe1a2e576c66b7b5137696d36cf9a3b51d4af2570785dd4
Instruction ID: 6847ca13f2e6ca715bd5110100a16ad736964464c61482a977a0f41eb7ba31b7
Opcode Fuzzy Hash: 6bf19ca432e81964afe1a2e576c66b7b5137696d36cf9a3b51d4af2570785dd4
Instruction Fuzzy Hash: 5231D071A0030ADFDB11DF58D840B9EF7F4FB44324F20456EE81AA3240D735A944CBA0

Function 00E7CDE1 Relevance: 3.1, APIs: 2, Instructions: 77fileCOMMON

Download Yara Rule

APIs

WriteFile.KERNELBASE(7408458B,?,?,?,00000000,?,00E6E49E,E0830C40,?,00E7D31D,00DE30C1,00E6E49E,?,00E6E49E,00E6E49E,00DE30C1), ref: 00E7CE7C
GetLastError.KERNEL32(?,00E7D31D,00DE30C1,00E6E49E,?,00E6E49E,00E6E49E,00DE30C1,00E6E49E,?,00EDD600,00000014,00E6DEB2,00000000,8304488B,00DE30C1), ref: 00E7CEA5

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: ErrorFileLastWrite
String ID:
API String ID: 442123175-0
Opcode ID: 355611be2d4867b7087104326324e85fbc1e9193bbc27c4217122916f6b062b9
Instruction ID: 15d390778cd7938cdb52dfda783a6b5f71554ea516e67365092b1896cb346ba6
Opcode Fuzzy Hash: 355611be2d4867b7087104326324e85fbc1e9193bbc27c4217122916f6b062b9
Instruction Fuzzy Hash: 702191756002199FCB24CF59CC80AF9B3F9EB48315F2094AEE94AE7251D770AE85CB60

Function 00E82652 Relevance: 3.1, APIs: 2, Instructions: 65libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetProcAddress.KERNEL32(00000000,?), ref: 00E826B2
__crt_fast_encode_pointer.LIBVCRUNTIME ref: 00E826BF

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: AddressProc__crt_fast_encode_pointer
String ID:
API String ID: 2279764990-0
Opcode ID: b20f0e18191595515307aa70e498273f3ffd81349fe72eac2cefc7634a909e0e
Instruction ID: 88768f986987235bffd548ac553290c15d2d2adcd203d3b05007ec665a2b7bae
Opcode Fuzzy Hash: b20f0e18191595515307aa70e498273f3ffd81349fe72eac2cefc7634a909e0e
Instruction Fuzzy Hash: FF115C33A00525DF8F22AE59EC809AA7395AB803647168125FE1DFF244FB31EC4297E0

Function 00DF9D90 Relevance: 3.0, APIs: 2, Instructions: 41threadCOMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32(?,?,?,?,?,00D73CDE,2C690420), ref: 00DF9DD1
ResumeThread.KERNELBASE(?,?,?,?,?,00D73CDE,2C690420), ref: 00DF9DDF

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: CloseHandleResumeThread
String ID:
API String ID: 3265327148-0
Opcode ID: 510d351c5b94df77e834b7e5c3c29d8065156a7a2d1b0c2cd5b214028a8668ad
Instruction ID: 74502c3f8e549ffd3389eef7da39a56ab55425cc1eacb556b9d509017a0792af
Opcode Fuzzy Hash: 510d351c5b94df77e834b7e5c3c29d8065156a7a2d1b0c2cd5b214028a8668ad
Instruction Fuzzy Hash: 4CF096B16002019FDB109F99DCC5FA6F3A8EF49325F29805BFB14D72A1D770E8929A60

Function 00E74BF0 Relevance: 3.0, APIs: 2, Instructions: 38threadCOMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(00EDD438,00000010), ref: 00E74C03
ExitThread.KERNEL32 ref: 00E74C0A

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: ErrorExitLastThread
String ID:
API String ID: 1611280651-0
Opcode ID: c82e1af764e13b35a49fca41e8fad30d87f399d1468cfce31896911abe162af9
Instruction ID: 593e62f67af74bcfa11d582f53403b55ef92eeda87d4e107de616076a2b8e8e2
Opcode Fuzzy Hash: c82e1af764e13b35a49fca41e8fad30d87f399d1468cfce31896911abe162af9
Instruction Fuzzy Hash: 04F0FFB0600204AFDB01BFB0D90AA6D7BB1EF09700F105589F10D7B2A2DB706905CBA0

Function 00DB01D0 Relevance: 3.0, APIs: 2, Instructions: 33networkCOMMON

Download Yara Rule

APIs

WSAStartup.WS2_32(00000202,?), ref: 00DB01EF
WSACleanup.WS2_32 ref: 00DB021A

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: CleanupStartup
String ID:
API String ID: 915672949-0
Opcode ID: 6c974c8212b71600777fd97a694fc3e54d9dbceab667abfef84963594ce87108
Instruction ID: 5c0b2e41d8a6c31999e30b1d3bd130cf294d636753f0e400ee6bce8c178fe100
Opcode Fuzzy Hash: 6c974c8212b71600777fd97a694fc3e54d9dbceab667abfef84963594ce87108
Instruction Fuzzy Hash: 6FF0B43060010C9FDF60DFA5DC0EBBA73A9DB09300F400199E80A96241ED349D0A8A61

Function 00DBD020 Relevance: 3.0, APIs: 2, Instructions: 16sleepnetworkCOMMON

Download Yara Rule

APIs

WSASetLastError.WS2_32(00002726,?,00DBC8D8,00DB1205,00000000), ref: 00DBD031
Sleep.KERNELBASE(00DB1205,?,00DBC8D8,00DB1205,00000000), ref: 00DBD03D

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: ErrorLastSleep
String ID:
API String ID: 1458359878-0
Opcode ID: 4c0a9890d303bbf5173aea03bd6942805f8d35800542aeb86092e0022382d96e
Instruction ID: 54e6c70dcf1a8a71543ee9e841544bbe77ca25b96f27b0b200f4cee03d9771dd
Opcode Fuzzy Hash: 4c0a9890d303bbf5173aea03bd6942805f8d35800542aeb86092e0022382d96e
Instruction Fuzzy Hash: 86D01270254208DB9F106FB9EC49D5637DD6B49B71B044611F41ED51D1EB20F5488565

Function 00D8F840 Relevance: 1.6, APIs: 1, Instructions: 127COMMON

Download Yara Rule

APIs

Part of subcall function 00DF8D90: TlsGetValue.KERNEL32(FFFFFFFF,?,00E05384,00000000,2C690420,?,?), ref: 00DF8DA4

new.LIBCMT ref: 00D8F8A9

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: 40472aaa1d8106367b914d40a3d39889e5f9267eec65199daad3df194d01e3d2
Instruction ID: 5949c367464121b16fde7b5952809fbfd8c1a3b4e335b31a8928fd6dc7624f7a
Opcode Fuzzy Hash: 40472aaa1d8106367b914d40a3d39889e5f9267eec65199daad3df194d01e3d2
Instruction Fuzzy Hash: 2D4190B1A00609EFDB04EF68C841BAAB7F8FF44710F148269E50997391E775AA45CBF1

Function 00D96680 Relevance: 1.6, APIs: 1, Instructions: 118COMMON

Download Yara Rule

APIs

Part of subcall function 00D9D820: ___std_exception_copy.LIBVCRUNTIME ref: 00D9D87C
Part of subcall function 00D9D820: ___std_exception_copy.LIBVCRUNTIME ref: 00D9D8E7
Part of subcall function 00D9D820: GetCurrentThreadId.KERNEL32 ref: 00D9D922

SetEvent.KERNEL32(00000000,00EE9DB8,00000000,000000FF,2C690420), ref: 00D967FC

Part of subcall function 00D73EA0: GetProcessHeap.KERNEL32(00000000,00000008), ref: 00D73F76
Part of subcall function 00D73EA0: HeapFree.KERNEL32(00000000), ref: 00D73F7D

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: Heap___std_exception_copy$CurrentEventFreeProcessThread
String ID:
API String ID: 3090538075-0
Opcode ID: a08fd4a4c2f805f90791d298449ef1c3a99ccb13794e34c090b0da5285a535d3
Instruction ID: d280e101e9a2ea38206e01edb121c2a11ab5b7de964f5aba4d7a25f71b7934d4
Opcode Fuzzy Hash: a08fd4a4c2f805f90791d298449ef1c3a99ccb13794e34c090b0da5285a535d3
Instruction Fuzzy Hash: 1F41B1709002599FDF15DFA8DC85BEEBBF4EF41314F104619E016AB2D2EB749944CBA1

Function 00E6DA81 Relevance: 1.6, APIs: 1, Instructions: 74COMMON

Download Yara Rule

APIs

@_EH4_CallFilterFunc@8.LIBCMT ref: 00E6DB49

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: CallFilterFunc@8
String ID:
API String ID: 4062629308-0
Opcode ID: 464c5d247b0c17c4b52fb743af1fd887364b00d1ad8d7b1937dec840dd4bc1d0
Instruction ID: e9075ab368c07cae005e86341c6edc27ba98d048453a73c833baf449fdfdcf99
Opcode Fuzzy Hash: 464c5d247b0c17c4b52fb743af1fd887364b00d1ad8d7b1937dec840dd4bc1d0
Instruction Fuzzy Hash: 94212871F9C2184ACB186BA4BC0176D33919F453B8F597349E021BA2E6D6748942C755

Function 00DBD9A0 Relevance: 1.6, APIs: 1, Instructions: 67networkCOMMON

Download Yara Rule

APIs

recv.WS2_32(?,?,?,00000000), ref: 00DBDA49

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: recv
String ID:
API String ID: 1507349165-0
Opcode ID: 0a93f341d26220d033ca18aa7675b20280aac463bbc03674909978a2096c46a6
Instruction ID: def3fd352f2f64c6af07ce4c21c9a1ee2f039f665595e30ee5603a2a56d19ff6
Opcode Fuzzy Hash: 0a93f341d26220d033ca18aa7675b20280aac463bbc03674909978a2096c46a6
Instruction Fuzzy Hash: 3C216071108304DFE7208F19DC44B92B3E5EF50728F2C9529E9AA976D1E371F845CB64

Function 00DBE290 Relevance: 1.6, APIs: 1, Instructions: 64networkCOMMON

Download Yara Rule

APIs

socket.WS2_32(?,?,?), ref: 00DBE323

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: socket
String ID:
API String ID: 98920635-0
Opcode ID: 9a7ff9f21e1737be2dc7f3bae85b7c8f5d45798ced09632613323b024b3350ff
Instruction ID: 971549271f72e3c5729946c142ad08db68741b52d5ee4cfe253502c6a8b47661
Opcode Fuzzy Hash: 9a7ff9f21e1737be2dc7f3bae85b7c8f5d45798ced09632613323b024b3350ff
Instruction Fuzzy Hash: 4F216770600209DFDB10CF68CC80B96B7F5FF48310F148979E99ADB291DA31E851CBA0

Function 00D9F7D0 Relevance: 1.6, APIs: 1, Instructions: 57COMMON

Download Yara Rule

APIs

new.LIBCMT ref: 00D9F810

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e188597252bd33cd4ac9426165dde22862caafd1104e62d97ac6d522f5631fef
Instruction ID: 06e24a811146a6ebd042f9fdf034863be433a1faeddafc3dc6a7d32481435620
Opcode Fuzzy Hash: e188597252bd33cd4ac9426165dde22862caafd1104e62d97ac6d522f5631fef
Instruction Fuzzy Hash: 14118EB1904749EFDB00CF89C880B9AFBF8FF48314F10816AE815A7350D3B56A04CB90

Function 00DABD80 Relevance: 1.6, APIs: 1, Instructions: 57COMMON

Download Yara Rule

APIs

new.LIBCMT ref: 00DABDAD

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 107402370652e24a34011002f8951d6aa18ae7594b62e738f66ed26632482242
Instruction ID: 1b9b0b52bad8b6777191332bf37025640cca44b0d092832bfa4e198edc8e70a7
Opcode Fuzzy Hash: 107402370652e24a34011002f8951d6aa18ae7594b62e738f66ed26632482242
Instruction Fuzzy Hash: 9511B2B1904248EBDB20CF59D841B5AFBF8EB05720F10465AF81697381D7B5AA04CBF1

Function 00D78630 Relevance: 1.5, APIs: 1, Instructions: 47COMMON

Download Yara Rule

APIs

___std_exception_copy.LIBVCRUNTIME ref: 00D78680

Part of subcall function 00D7C8E0: __CxxThrowException@8.LIBVCRUNTIME ref: 00D7C92E
Part of subcall function 00D7C8E0: ___std_exception_copy.LIBVCRUNTIME ref: 00D7C95E

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: ___std_exception_copy$Exception@8Throw
String ID:
API String ID: 3804135023-0
Opcode ID: cd53e4c29f02445d75f4322bc37b8fc5b9e21ecfe1abc0cf66bfc7bf533bc187
Instruction ID: 51c9819283911a3246158b5d5a995392ed8cc094eb39e6ec8d558dc62d86b8e6
Opcode Fuzzy Hash: cd53e4c29f02445d75f4322bc37b8fc5b9e21ecfe1abc0cf66bfc7bf533bc187
Instruction Fuzzy Hash: 52115EB1D0024C9BCB00DFA4C941BDEB7F8EB49714F644669E815B7281EB756A448B60

Function 00DA2570 Relevance: 1.5, APIs: 1, Instructions: 46COMMON

Download Yara Rule

APIs

__CxxThrowException@8.LIBVCRUNTIME ref: 00DA25DF

Part of subcall function 00E61273: KiUserExceptionDispatcher.NTDLL(?,?,?,00DFBF47,?,?,?,?,?,?,?,?,00DFBF47,?,00ED0200), ref: 00E612D2

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: DispatcherExceptionException@8ThrowUser
String ID:
API String ID: 2513928553-0
Opcode ID: f761765f44dca675b450cef825b16633fb104d43ad7d386d61ef10ea20d1388a
Instruction ID: 453b86f90b44bd7c6725165d6a3735dc95fb270e89bad1ba3a8cc6066ce7ca7d
Opcode Fuzzy Hash: f761765f44dca675b450cef825b16633fb104d43ad7d386d61ef10ea20d1388a
Instruction Fuzzy Hash: 2B018174D00218AFCB04DF64D941F8EBBB8FF08710F2081A9B515E7391DB74AA09CB90

Function 00E6E9BE Relevance: 1.5, APIs: 1, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a9d19793f29929a277516686cf137a3b4d209c8759da157923ef4eeedc34a6fe
Instruction ID: 8ada516670d3780101fc66b6d627a9c02bb785aba01d715e29537b0f64817a99
Opcode Fuzzy Hash: a9d19793f29929a277516686cf137a3b4d209c8759da157923ef4eeedc34a6fe
Instruction Fuzzy Hash: 69F07D369906101AD6213A7AFC05BAA32D89F423B4F142705F578B32D1CB70EA068691

Function 00D85180 Relevance: 1.5, APIs: 1, Instructions: 44COMMON

Download Yara Rule

APIs

___std_exception_copy.LIBVCRUNTIME ref: 00D851DA

Part of subcall function 00D89BD0: __CxxThrowException@8.LIBVCRUNTIME ref: 00D89C1E

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: Exception@8Throw___std_exception_copy
String ID:
API String ID: 284963293-0
Opcode ID: d430ad437ec81ccab8e1049d00d48bbab4662b14527778ef7dd929d6973b8bd6
Instruction ID: 7b96d0b7f47da9be740e1e04a6d8918ffe1f93e8177603fba036f80fe3621301
Opcode Fuzzy Hash: d430ad437ec81ccab8e1049d00d48bbab4662b14527778ef7dd929d6973b8bd6
Instruction Fuzzy Hash: E10144B1D0064C9BCF00DFA4DD46BDEB7F8EB49314F50466AE805B7741EB7566488BA0

Function 00DA0A20 Relevance: 1.5, APIs: 1, Instructions: 41COMMON

Download Yara Rule

APIs

std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00DA0A91

Part of subcall function 00DE2B79: std::ios_base::_Tidy.LIBCPMT ref: 00DE2B99

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: std::ios_base::_$Ios_base_dtorTidy
String ID:
API String ID: 3167631304-0
Opcode ID: 51c3f1e860ea5a9af44e0ad665fc859e118a311d0b59bd9f808ebe900d9f964d
Instruction ID: 267636578b913d57ed4d45407f539ed2b774ac2380d3a3ad90391e8600b97d62
Opcode Fuzzy Hash: 51c3f1e860ea5a9af44e0ad665fc859e118a311d0b59bd9f808ebe900d9f964d
Instruction Fuzzy Hash: 1C115775A00248DFEB11CF59C981E59B7F8FB0A318F11899EE88A9B351D772E905CF50

Function 00D99CC0 Relevance: 1.5, APIs: 1, Instructions: 41COMMON

Download Yara Rule

APIs

std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00D99D31

Part of subcall function 00DE2B79: std::ios_base::_Tidy.LIBCPMT ref: 00DE2B99

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: std::ios_base::_$Ios_base_dtorTidy
String ID:
API String ID: 3167631304-0
Opcode ID: 4c8c8df34c5d4cf4e7b6147ea2f29e4ac95429c4eaffb517ed0e65f2a74f3b62
Instruction ID: dfae70ebbf16f4d4532baf4c79b3550917847cc7fa453ae12fbc14afde45378b
Opcode Fuzzy Hash: 4c8c8df34c5d4cf4e7b6147ea2f29e4ac95429c4eaffb517ed0e65f2a74f3b62
Instruction Fuzzy Hash: B5115B75604648DFD711CF68C949E59B7F8FB08304F1042AEE8499B351D772F906CB50

Function 00E75F50 Relevance: 1.5, APIs: 1, Instructions: 39memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000008,?,00000000,?,00E8002E,00000001,00000364,?,00E74C15,00EDD438,00000010), ref: 00E75F91

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 5686605f482d4708fd1631eaee168d4e1a9b92eda7a1425ec8e69c14ecdc5438
Instruction ID: 7dcf4e68bc1ebb8fd190874133ea0a426c484f581bca7cb2c142be233c284b87
Opcode Fuzzy Hash: 5686605f482d4708fd1631eaee168d4e1a9b92eda7a1425ec8e69c14ecdc5438
Instruction Fuzzy Hash: CBF0E033704E24AFDB195B56DC05F9A3789EF41760B24E512F81CFA080DBB0D80586D1

Function 00E76524 Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000000,00000003,00000000,?,00000003,00E80083), ref: 00E76556

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 65f2b1f546f7bb84d56ab6c30c44c2572388070ecdfbf519409796ec57a83722
Instruction ID: 40f492a3c0d0c6464ddc0838a55281718eea29caed305ce537701bf6d9275f6a
Opcode Fuzzy Hash: 65f2b1f546f7bb84d56ab6c30c44c2572388070ecdfbf519409796ec57a83722
Instruction Fuzzy Hash: A4E02B31604A509AD7216A66AC00B9A3A889F41BBCF54F610FC1EF60DCCB20CC01E2E2

Function 00DDB850 Relevance: 1.5, APIs: 1, Instructions: 13COMMON

Download Yara Rule

APIs

ioctlsocket.WS2_32(?,8004667E,00DBEDA6), ref: 00DDB86A

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: ioctlsocket
String ID:
API String ID: 3577187118-0
Opcode ID: 92cf3a51957a1589cb677bcb6325b595f8a8a0f287384fc1e13977d5ee7d4630
Instruction ID: 18769d142f498b06effc9e6485eaa0ed4bfe3384fc9533af292502c777a30d25
Opcode Fuzzy Hash: 92cf3a51957a1589cb677bcb6325b595f8a8a0f287384fc1e13977d5ee7d4630
Instruction Fuzzy Hash: 88D0C93140020CEFCB005F71D8048D937ADEB04225B00C036B91995020EA34AA64DF54

Function 00DB4A70 Relevance: 1.3, APIs: 1, Instructions: 65COMMON

Download Yara Rule

APIs

SetLastError.KERNEL32(00000008,?,00EA0CB8,?), ref: 00DB4B25

Part of subcall function 00DB4B40: InitializeCriticalSection.KERNEL32(00000000,?,?,?,?,00EA0CB8,?), ref: 00DB4B82

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: CriticalErrorInitializeLastSection
String ID:
API String ID: 3413597225-0
Opcode ID: 4e226bd5bc602daf7ab956eb8b529da63369a7d429073204c7b8e75aef18b569
Instruction ID: a8d5b50bf88d2cac95749b1006e8bc0faa3da7ba6bb22df7a64c5f91dd2e09d9
Opcode Fuzzy Hash: 4e226bd5bc602daf7ab956eb8b529da63369a7d429073204c7b8e75aef18b569
Instruction Fuzzy Hash: BE11E2B1600309EFDB109F65EC85FCB7BE8EF44318F044429FA1A96242E772E5188B79

Non-executed Functions

Function 00DBE690 Relevance: 28.4, APIs: 8, Strings: 8, Instructions: 354networkCOMMON

Download Yara Rule

APIs

htons.WS2_32(?), ref: 00DBE8CB
bind.WS2_32(00000002,?,00000000), ref: 00DBEA06
htons.WS2_32(?), ref: 00DBEA43
bind.WS2_32(00000002,00000002,00000000), ref: 00DBEA5E
getsockname.WS2_32(00000002,?,00000080), ref: 00DBEA97
WSAGetLastError.WS2_32 ref: 00DBEAA5

Part of subcall function 00DC7DE0: SetLastError.KERNEL32(0000273F,?,00DB41D2,00000002,00DB300A,?), ref: 00DC7DEE

WSAGetLastError.WS2_32 ref: 00DBEAE5

Strings

bind failed with errno %d: %s, xrefs: 00DBEB01
getsockname() failed with errno %d: %s, xrefs: 00DBEAC1
Couldn't bind to '%s', xrefs: 00DBE9A7
Couldn't bind to interface '%s', xrefs: 00DBE982
Name '%s' family %i resolved to '%s' family %i, xrefs: 00DBE87A
Bind to local port %hu failed, trying next, xrefs: 00DBEA29
Local port: %hu, xrefs: 00DBEB29
Local Interface %s is ip %s using address family %i, xrefs: 00DBE94B

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: ErrorLast$bindhtons$getsockname
String ID: Bind to local port %hu failed, trying next$Couldn't bind to '%s'$Couldn't bind to interface '%s'$Local Interface %s is ip %s using address family %i$Local port: %hu$Name '%s' family %i resolved to '%s' family %i$bind failed with errno %d: %s$getsockname() failed with errno %d: %s
API String ID: 2249331600-2769131373
Opcode ID: c86feba836cf83f0dc86cf728cec693d31473f9fce04fb4c2aaa4879a6992fe8
Instruction ID: 5b71a2008289a562604595b9488552401c1f4208f6abada888018cec72fe7841
Opcode Fuzzy Hash: c86feba836cf83f0dc86cf728cec693d31473f9fce04fb4c2aaa4879a6992fe8
Instruction Fuzzy Hash: 01C1A475A00218AFDF21DF24DC95BFAB7B8EF46304F0440E9F90EA7252EA715A458B71

Function 00DC9850 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 83windowCOMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(00000010,00000000,?,?,00DBE64F,00000010,00000000,?,?,?,?,?,?,?,?,?), ref: 00DC9856
_strncpy.LIBCMT ref: 00DC988A
FormatMessageA.KERNEL32(00001000,00000000,00DBE64F,00000000,-0000030C,000000FF,00000000,00DBE64F,00000010,00000000), ref: 00DC98B6
___swprintf_l.LIBCMT ref: 00DC98CD
_strrchr.LIBCMT ref: 00DC98DF
_strrchr.LIBCMT ref: 00DC98FA
GetLastError.KERNEL32(?,?,?,?,00DBE64F,00000010,00000000,?,?,?,?,?,?,?,?,?), ref: 00DC9912
SetLastError.KERNEL32(00000000,?,?,?,?,00DBE64F,00000010,00000000,?,?,?,?,?,?,?,?), ref: 00DC991D

Strings

Unknown error %d (%#x), xrefs: 00DC98C2

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: ErrorLast$_strrchr$FormatMessage___swprintf_l_strncpy
String ID: Unknown error %d (%#x)
API String ID: 1238453913-2414550090
Opcode ID: deac2ae79202595d05445c7e1ea656c93827546ea7d1af6b34c4a6392c47fef8
Instruction ID: 32bce969bc5c1430acb600e8c8ca5383fed6f871b22eee42bed227565feaa1d9
Opcode Fuzzy Hash: deac2ae79202595d05445c7e1ea656c93827546ea7d1af6b34c4a6392c47fef8
Instruction Fuzzy Hash: AA21E4616402536AEB2122356C5EF7FB99CDF47B59F08103CF90DB75C2FAA0990092B2

Function 00DC77E0 Relevance: 13.9, APIs: 4, Strings: 5, Instructions: 399COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,00000000), ref: 00DC799C
SetLastError.KERNEL32(00000000,?,?,00000000), ref: 00DC79A6
GetLastError.KERNEL32(?,?,?,?,?,00000000), ref: 00DC79BE
SetLastError.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 00DC79CC

Strings

%02d:%02d:%02d%n, xrefs: 00DC794D
<, xrefs: 00DC7BCC
%31[ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz], xrefs: 00DC787F
%02d:%02d%n, xrefs: 00DC797A
+, xrefs: 00DC7A42

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: ErrorLast
String ID: %02d:%02d%n$%02d:%02d:%02d%n$%31[ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz]$+$<
API String ID: 1452528299-2356964677
Opcode ID: df206ecb6418e1570a96faf2394b7d6cb1151b34540056c3191934c972b4deee
Instruction ID: f9fb6f660708aa30c614cee611b3885fd4816cd3157aed4eafafe5a5f9e2d618
Opcode Fuzzy Hash: df206ecb6418e1570a96faf2394b7d6cb1151b34540056c3191934c972b4deee
Instruction Fuzzy Hash: 74E18271E0421A9BCF14DFA8D985BADBBB5AF49320F18422AE429F72C1D7309D458F60

Function 00DE0240 Relevance: 6.0, APIs: 4, Instructions: 37encryptionCOMMON

Download Yara Rule

APIs

CryptGetHashParam.ADVAPI32(00000000,00000002,00000000,?,00000000,00000000,?,?,00DE0380,?,?,?,?,00000000), ref: 00DE025C
CryptGetHashParam.ADVAPI32(00000000,00000002,00000000,00000010,00000000,?,?,00DE0380,?,?,?,?,00000000), ref: 00DE0276
CryptDestroyHash.ADVAPI32(00000000,?,?,00DE0380,?,?,?,?,00000000), ref: 00DE0284
CryptReleaseContext.ADVAPI32(00000000,00000000,?,00DE0380,?,?,?,?,00000000), ref: 00DE0294

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: Crypt$Hash$Param$ContextDestroyRelease
String ID:
API String ID: 2110207923-0
Opcode ID: b6518566230fe80466734d146269ad6f38c8b5c8ead58600008bed68a08f894b
Instruction ID: a7a9c3fede528bc38ca0a1813ce277d653607bfcb864b9bc7ce2537727ba27ef
Opcode Fuzzy Hash: b6518566230fe80466734d146269ad6f38c8b5c8ead58600008bed68a08f894b
Instruction Fuzzy Hash: 33F04934640308FFEB209F91CD4AF9ABBACEB09B01F108444FA09A6190C7B1EE44DB70

Function 00DFBF48 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 142COMMONLIBRARYCODE

Download Yara Rule

APIs

__CxxThrowException@8.LIBVCRUNTIME ref: 00DFBF5F

Part of subcall function 00E61273: KiUserExceptionDispatcher.NTDLL(?,?,?,00DFBF47,?,?,?,?,?,?,?,?,00DFBF47,?,00ED0200), ref: 00E612D2

IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 00DFBF7E

Strings

, xrefs: 00DFC0DB

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: DispatcherExceptionException@8FeaturePresentProcessorThrowUser
String ID:
API String ID: 562353910-3916222277
Opcode ID: 0ce4e094cac0461598713a34b1bc703c719a24e9e0170d18f269f0d22b77cad3
Instruction ID: d619e14df8c994a0f6ad7fbbf81f63b0a9f8124c69d43108681662e16f25be43
Opcode Fuzzy Hash: 0ce4e094cac0461598713a34b1bc703c719a24e9e0170d18f269f0d22b77cad3
Instruction Fuzzy Hash: 9F51AD71D1064CDFDB24CFA9E9857AABBF4FB04310F14C12AE905EB290D7709999CB60

Function 00E69047 Relevance: 4.6, APIs: 3, Instructions: 78COMMONLIBRARYCODE

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 00E6913F
SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 00E69149
UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,00000000), ref: 00E69156

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: ExceptionFilterUnhandled$DebuggerPresent
String ID:
API String ID: 3906539128-0
Opcode ID: abe162ec8bb211856e86142979fa4bd0d0bc8e179326ff09d7619806b71c2d82
Instruction ID: 98cf4aa46ace2cd61b1a2291200409f3033a41693f03a54f76f5795eb3f9b130
Opcode Fuzzy Hash: abe162ec8bb211856e86142979fa4bd0d0bc8e179326ff09d7619806b71c2d82
Instruction Fuzzy Hash: 4631F37094222DABCB61DF64E889B9DBBB8FF08310F5041DAE40CA6251E7309B858F54

Function 00E82AD8 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 37COMMON

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(00000000,00000002,00000000,?,20001004,?,20001004,?,00000002,?,?,00E7A87A,?,00000006), ref: 00E82B2B

Strings

GetLocaleInfoEx, xrefs: 00E82AF3

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: InfoLocale
String ID: GetLocaleInfoEx
API String ID: 2299586839-2904428671
Opcode ID: 78128f25671800c90b61a3216b99bf773f9391eba13116961c159fd4fecd3b8d
Instruction ID: 38d7f1847aa4e0cf307d7ab0589fe4fbea38958acb0214ba8930a4f6c190ce48
Opcode Fuzzy Hash: 78128f25671800c90b61a3216b99bf773f9391eba13116961c159fd4fecd3b8d
Instruction Fuzzy Hash: 4DF0F071A01318BBCF02AF61DC06EAF7BA4EF19B10F00411EFD0D7A291CB71AA119794

Function 00DE01E0 Relevance: 3.0, APIs: 2, Instructions: 22encryptionCOMMON

Download Yara Rule

APIs

CryptAcquireContextA.ADVAPI32(00DE034F,00000000,00000000,00000001,F0000000,00000000,?,00DE034F,?,?,00000000,?,00000000,00000000,?), ref: 00DE01F3
CryptCreateHash.ADVAPI32(00DE034F,00008003,00000000,00000000,00DE0353,?,00DE034F,?,?,00000000,?,00000000,00000000,?), ref: 00DE020C

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: Crypt$AcquireContextCreateHash
String ID:
API String ID: 1914063823-0
Opcode ID: 43bb7188c7a43e3432594642f2ab55f3b84c4436b4f91ff7576a770e0d49b101
Instruction ID: ab4151306e7fc11eeb5603d2e111692645e32e68eda86d2fe9529093792cb14b
Opcode Fuzzy Hash: 43bb7188c7a43e3432594642f2ab55f3b84c4436b4f91ff7576a770e0d49b101
Instruction Fuzzy Hash: CDE01731280318BBFA305A52EC46F967B9CAB09B50F214811B745BA0D0C6E1B9048BAC

Function 00D7F870 Relevance: 3.0, APIs: 2, Instructions: 14encryptionCOMMON

Download Yara Rule

APIs

CryptReleaseContext.ADVAPI32(?,00000000), ref: 00D7F87D
CryptDestroyHash.ADVAPI32(?,?,00000000), ref: 00D7F888

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: Crypt$ContextDestroyHashRelease
String ID:
API String ID: 3989222877-0
Opcode ID: 7b876936db803010ed70ae179de322b4896baf988c9763f52d43f6998be1e88a
Instruction ID: b466e6e509a80da22351541568bb5e604e3d13a0b93bf4481a33a84d4c430152
Opcode Fuzzy Hash: 7b876936db803010ed70ae179de322b4896baf988c9763f52d43f6998be1e88a
Instruction Fuzzy Hash: E3D09236101214EFCB019F99E844A85BBA8EF0E761F004451FA499B220CA72B8148B91

Function 00DE0220 Relevance: 1.5, APIs: 1, Instructions: 10encryptionCOMMON

Download Yara Rule

APIs

CryptHashData.ADVAPI32(?,?,?,00000000,?,00DE0374,?,?,00000000,?,?,?,00000000,?,00000000,00000000), ref: 00DE0231

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: CryptDataHash
String ID:
API String ID: 4245837645-0
Opcode ID: f01bb3d63c0304b72ca3a5b8203dfd998bf072b0bf800380d39667bffd0bbef1
Instruction ID: f1be8b0237665c239101ee8d2d58085860bcd52eec9c1daea887b2870133b501
Opcode Fuzzy Hash: f01bb3d63c0304b72ca3a5b8203dfd998bf072b0bf800380d39667bffd0bbef1
Instruction Fuzzy Hash: 25C00236140208AFCF015F85DC45F997BA9BB0C710F048450BA185A161D772E5209B44

Function 00DC9D10 Relevance: 89.4, APIs: 1, Strings: 50, Instructions: 134COMMON

Download Yara Rule

APIs

_strncpy.LIBCMT ref: 00DC9F25

Strings

Protocol is unsupported, xrefs: 00DC9DC5
Address not available, xrefs: 00DC9E01
No buffer space, xrefs: 00DC9E3D
Call interrupted, xrefs: 00DC9D43
Operation not supported, xrefs: 00DC9DD9
Need destination address, xrefs: 00DC9D9D
Host not found, try again, xrefs: 00DC9F15
Protocol family not supported, xrefs: 00DC9DED
Host not found, xrefs: 00DC9EEB
Something is stale, xrefs: 00DC9EC1
Loop??, xrefs: 00DC9E83
Connection refused, xrefs: 00DC9E79
Call would block, xrefs: 00DC9D7F
Bad quota, xrefs: 00DC9EBA
Too many users, xrefs: 00DC9EB3
Timed out, xrefs: 00DC9E6F
Winsock version not supported, xrefs: 00DC9EE4
Socket is not connected, xrefs: 00DC9E51
Invalid arguments, xrefs: 00DC9D6B
Socket has been shut down, xrefs: 00DC9E5B
Not empty, xrefs: 00DC9EA5
Unrecoverable error in call to nameserver, xrefs: 00DC9F0E, 00DC9F23
Network down, xrefs: 00DC9E0B
Process limit reached, xrefs: 00DC9EAC
Remote error, xrefs: 00DC9EC8
Disconnected, xrefs: 00DC9ECF
Network has been reset, xrefs: 00DC9E1F
No data record of requested type, xrefs: 00DC9F07
Protocol option is unsupported, xrefs: 00DC9DBB
Bad file, xrefs: 00DC9D4D
Bad message size, xrefs: 00DC9DA7
Address family not supported, xrefs: 00DC9DE3
Connection was reset, xrefs: 00DC9E33
Winsock library not initialised, xrefs: 00DC9EDD
Host down, xrefs: 00DC9E97
Socket is already connected, xrefs: 00DC9E47
Bad protocol, xrefs: 00DC9DB1
Connection was aborted, xrefs: 00DC9E29
Descriptor is not a socket, xrefs: 00DC9D93
Bad argument, xrefs: 00DC9D61
Name too long, xrefs: 00DC9E8D
Out of file descriptors, xrefs: 00DC9D75
Too many references, xrefs: 00DC9E65
Bad access, xrefs: 00DC9D57
Blocking call in progress, xrefs: 00DC9D89
Host unreachable, xrefs: 00DC9E9E
Winsock library is not ready, xrefs: 00DC9ED6
Address already in use, xrefs: 00DC9DF7
Network unreachable, xrefs: 00DC9E15
Socket is unsupported, xrefs: 00DC9DCF

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: _strncpy
String ID: Address already in use$Address family not supported$Address not available$Bad access$Bad argument$Bad file$Bad message size$Bad protocol$Bad quota$Blocking call in progress$Call interrupted$Call would block$Connection refused$Connection was aborted$Connection was reset$Descriptor is not a socket$Disconnected$Host down$Host not found$Host not found, try again$Host unreachable$Invalid arguments$Loop??$Name too long$Need destination address$Network down$Network has been reset$Network unreachable$No buffer space$No data record of requested type$Not empty$Operation not supported$Out of file descriptors$Process limit reached$Protocol family not supported$Protocol is unsupported$Protocol option is unsupported$Remote error$Socket has been shut down$Socket is already connected$Socket is not connected$Socket is unsupported$Something is stale$Timed out$Too many references$Too many users$Unrecoverable error in call to nameserver$Winsock library is not ready$Winsock library not initialised$Winsock version not supported
API String ID: 2961919466-3442644082
Opcode ID: 0ac78fc27547e5696ca8ca5608b70f502bee5a67a655c484ca0a8d360796a636
Instruction ID: 8b3726ce3b92d2a3db11fa703adb41af9b8c61074d8ab2e4c5a44c4cb6afbedb
Opcode Fuzzy Hash: 0ac78fc27547e5696ca8ca5608b70f502bee5a67a655c484ca0a8d360796a636
Instruction Fuzzy Hash: 204145A3209207934710085C657EF65D5A4EFEB3007A5A26EF496EF291D282ED8723B3

Function 00DC6890 Relevance: 47.5, APIs: 19, Strings: 8, Instructions: 204COMMON

Download Yara Rule

APIs

___swprintf_l.LIBCMT ref: 00DC68BA
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00DC68E3
___swprintf_l.LIBCMT ref: 00DC68F5
__allrem.LIBCMT ref: 00DC691A
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00DC6928
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00DC6938
___swprintf_l.LIBCMT ref: 00DC694A
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00DC6970
___swprintf_l.LIBCMT ref: 00DC6982
__allrem.LIBCMT ref: 00DC69A4
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00DC69B2
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00DC69C2
___swprintf_l.LIBCMT ref: 00DC69D4
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00DC69F9
___swprintf_l.LIBCMT ref: 00DC6A0B
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00DC6A30
___swprintf_l.LIBCMT ref: 00DC6A42
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00DC6A59
___swprintf_l.LIBCMT ref: 00DC6A6B

Strings

%5I64d, xrefs: 00DC68B2
%4I64dP, xrefs: 00DC6A63
%4I64dG, xrefs: 00DC6A03
%4I64dk, xrefs: 00DC68ED
%2I64d.%0I64dG, xrefs: 00DC69CC
%2I64d.%0I64dM, xrefs: 00DC6942
%4I64dM, xrefs: 00DC697A
%4I64dT, xrefs: 00DC6A3A

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$___swprintf_l$__allrem
String ID: %2I64d.%0I64dG$%2I64d.%0I64dM$%4I64dG$%4I64dM$%4I64dP$%4I64dT$%4I64dk$%5I64d
API String ID: 2797256748-2102732564
Opcode ID: 409808d80a6866f593e4664ed7342c36dc8d7707785ac18584d7d0ec03de5df4
Instruction ID: b16af57baccf70b79a9076efc2bd97f288e15badee0740a23fe01f5773b2e7a6
Opcode Fuzzy Hash: 409808d80a6866f593e4664ed7342c36dc8d7707785ac18584d7d0ec03de5df4
Instruction Fuzzy Hash: 8141D273B8176636E92065496C03FBF121CCBC1FA1F19402EFB08FB182DA64E91506F9

Function 00DBAF30 Relevance: 31.9, APIs: 4, Strings: 14, Instructions: 369COMMON

Download Yara Rule

APIs

_strstr.LIBCMT ref: 00DBAF50
___from_strstr_to_strchr.LIBCMT ref: 00DBB081
___from_strstr_to_strchr.LIBCMT ref: 00DBB179

Strings

Unsupported proxy scheme for '%s', xrefs: 00DBB015
Unsupported proxy '%s', libcurl is built without the HTTPS-proxy support., xrefs: 00DBB046
%25, xrefs: 00DBB0F8
://, xrefs: 00DBAF3C
https, xrefs: 00DBAF66
http:, xrefs: 00DBB003
socks4a, xrefs: 00DBAFBD
socks, xrefs: 00DBAFEF
socks5, xrefs: 00DBAF9F
No valid port number in proxy string (%s), xrefs: 00DBB1CC
socks4, xrefs: 00DBAFDB
Invalid IPv6 address format, xrefs: 00DBB166
Please URL encode %% as %%25, see RFC 6874., xrefs: 00DBB109
socks5h, xrefs: 00DBAF81

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: ___from_strstr_to_strchr$_strstr
String ID: %25$://$Invalid IPv6 address format$No valid port number in proxy string (%s)$Please URL encode %% as %%25, see RFC 6874.$Unsupported proxy '%s', libcurl is built without the HTTPS-proxy support.$Unsupported proxy scheme for '%s'$http:$https$socks$socks4$socks4a$socks5$socks5h
API String ID: 2668852316-741215929
Opcode ID: cd91ea360f42b0b1554427b139e0eaafe44e35d68c394624e31acd951f4f1a37
Instruction ID: 602fe32fe536e4e646c1a295bbdae6312fbd636833f7b8ab256d537cbc3afe8e
Opcode Fuzzy Hash: cd91ea360f42b0b1554427b139e0eaafe44e35d68c394624e31acd951f4f1a37
Instruction Fuzzy Hash: 45C12C71A00305DBDB315E19DC45BEF7BA5DF163A4F084066FC8AAB282E3B19945C7B1

Function 00E090B0 Relevance: 31.6, APIs: 9, Strings: 9, Instructions: 133libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(kernel32.dll,2C690420,00000000,|S,?,?,00E0537C,2C690420), ref: 00E090DD
GetProcAddress.KERNEL32(00000000,InitializeSRWLock), ref: 00E090F9
GetProcAddress.KERNEL32(00000000,AcquireSRWLockExclusive), ref: 00E0910B
GetProcAddress.KERNEL32(00000000,ReleaseSRWLockExclusive), ref: 00E0911E
GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 00E09131
GetProcAddress.KERNEL32(00000000,SleepConditionVariableSRW), ref: 00E09140
GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 00E0914F
new.LIBCMT ref: 00E09159
new.LIBCMT ref: 00E091B3

Strings

InitializeSRWLock, xrefs: 00E090F3
|S, xrefs: 00E09175
ReleaseSRWLockExclusive, xrefs: 00E09118
AcquireSRWLockExclusive, xrefs: 00E09105
SleepConditionVariableSRW, xrefs: 00E0913A
kernel32.dll, xrefs: 00E090D8
InitializeConditionVariable, xrefs: 00E0912B
|S, xrefs: 00E090C5
WakeAllConditionVariable, xrefs: 00E09149

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: AddressProc$HandleModule
String ID: AcquireSRWLockExclusive$InitializeConditionVariable$InitializeSRWLock$ReleaseSRWLockExclusive$SleepConditionVariableSRW$WakeAllConditionVariable$kernel32.dll$|S$|S
API String ID: 667068680-3866863561
Opcode ID: b8784e96231fa4561bd837acf8cdd18da9cf6be7ae42968d97dfa99488dbbe7c
Instruction ID: 859f614a5462b3d0a6f5fdc94e5a8827b9e6b3afcc173e313fdfe5d102712206
Opcode Fuzzy Hash: b8784e96231fa4561bd837acf8cdd18da9cf6be7ae42968d97dfa99488dbbe7c
Instruction Fuzzy Hash: D941D3B1A01B159BD7209F59C891B9BF7F8EF08B14F01452AE805F7781E7B5E9048BE1

Function 00DF8E70 Relevance: 26.5, APIs: 12, Strings: 3, Instructions: 215libraryloadertimeCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(FFFFFFFF,2C690420,74DEDF60,00E948B4), ref: 00DF8EDD
TlsGetValue.KERNEL32(FFFFFFFF), ref: 00DF8EF2
TlsGetValue.KERNEL32(FFFFFFFF), ref: 00DF8F0E
CreateWaitableTimerA.KERNEL32(00000000,00000000,00000000), ref: 00DF8F3E
GetModuleHandleA.KERNEL32(KERNEL32.DLL,SetWaitableTimerEx), ref: 00DF8F88
GetProcAddress.KERNEL32(00000000), ref: 00DF8F8F
WaitForMultipleObjectsEx.KERNEL32(00000000,?,00000000,00000000,00000000,2C690420,74DEDF60,00E948B4), ref: 00DF9019
CloseHandle.KERNEL32(00000000), ref: 00DF9077
TlsGetValue.KERNEL32(FFFFFFFF), ref: 00DF90AA
ResetEvent.KERNEL32(?), ref: 00DF90B3
__CxxThrowException@8.LIBVCRUNTIME ref: 00DF90C2
CloseHandle.KERNEL32(00000000), ref: 00DF90D8

Strings

SetWaitableTimerEx, xrefs: 00DF8F7E
zH, xrefs: 00DF8F1D
KERNEL32.DLL, xrefs: 00DF8F83

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: Value$Handle$Close$AddressCreateEventException@8ModuleMultipleObjectsProcResetThrowTimerWaitWaitable
String ID: KERNEL32.DLL$SetWaitableTimerEx$zH
API String ID: 888221587-3088648631
Opcode ID: 65a8f352ff303a570e171e448be465ea70edafc9c7898901f298cdd70aa0ae9f
Instruction ID: 72e4ba4c6dc803bec8d4f4ffb0fd429b8421b6080a5b19302d378131c3dd4b48
Opcode Fuzzy Hash: 65a8f352ff303a570e171e448be465ea70edafc9c7898901f298cdd70aa0ae9f
Instruction Fuzzy Hash: 60718271E00608AFDB10CF69DC94BBDB7A5AF49320F158719F526E72D0DB3099458B61

Function 00DDBF20 Relevance: 25.0, APIs: 2, Strings: 12, Instructions: 476COMMON

Download Yara Rule

Strings

Content-Type: %s, xrefs: 00DDC1BC
couldn't open file "%s", xrefs: 00DDC42F
%s; boundary=%s, xrefs: 00DDBFB9
--%s--, xrefs: 00DDC46C
Content-Type: multipart/form-data, xrefs: 00DDBFB0, 00DDBFB8
%s, xrefs: 00DDC1F8
--%s--, xrefs: 00DDC4A6
--%sContent-Disposition: attachment, xrefs: 00DDC152
Content-Disposition: form-data; name=", xrefs: 00DDC06E
--%s, xrefs: 00DDC04F
Content-Type: multipart/mixed; boundary=%s, xrefs: 00DDC10C
, xrefs: 00DDC228

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID:
String ID: $%s$--%sContent-Disposition: attachment$--%s--$--%s--$Content-Type: %s$Content-Type: multipart/mixed; boundary=%s$%s; boundary=%s$--%s$Content-Disposition: form-data; name="$Content-Type: multipart/form-data$couldn't open file "%s"
API String ID: 0-530302859
Opcode ID: 101e4c1633f0264676f7f45b6c35c98a7cd22436456d0426acef09466f8b4759
Instruction ID: a319fa384b2c1e9d9a55b8352d3b496366631c53a98ae6034ed66c59eb54736e
Opcode Fuzzy Hash: 101e4c1633f0264676f7f45b6c35c98a7cd22436456d0426acef09466f8b4759
Instruction Fuzzy Hash: 27F194729502299BCF21DB54DC85BEA73B8AF18350F0915D6E908A7342E771EE85CFB0

Function 00D97C80 Relevance: 21.3, APIs: 5, Strings: 7, Instructions: 299synchronizationCOMMON

Download Yara Rule

APIs

CoInitializeEx.OLE32(00000000,00000002,2C690420), ref: 00D97CB4
ShellExecuteExW.SHELL32(0000003C), ref: 00D97D24
WaitForSingleObject.KERNEL32(?,000000FF), ref: 00D97D33
CloseHandle.KERNEL32(?), ref: 00D97D3C
GetLastError.KERNEL32 ref: 00D97D4D

Part of subcall function 00D83880: new.LIBCMT ref: 00D83896

Strings

failed coinitializeex. result=, xrefs: 00D97FE0
<, xrefs: 00D97CD6
shell execute ex failed. err=, xrefs: 00D97E58
installer, xrefs: 00D97DF7, 00D97F7F
]: , xrefs: 00D97E4C, 00D97FD4
RunInstallerWithUAC::<lambda_54f122fa2d586c8735354f7e2e6d282c>::operator (), xrefs: 00D97E1B, 00D97FA3
@, xrefs: 00D97CDD

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: CloseErrorExecuteHandleInitializeLastObjectShellSingleWait
String ID: <$@$RunInstallerWithUAC::<lambda_54f122fa2d586c8735354f7e2e6d282c>::operator ()$]: $failed coinitializeex. result=$installer$shell execute ex failed. err=
API String ID: 2044801028-2639624214
Opcode ID: b632ec8c2fc0cac3e55cd2f61a8607551f9e1261375102adc50b2b9d16f16f4b
Instruction ID: faedbac8ba9e3f6f2d3987e298d38718a73a1f55b18ccf727ca72b42eaea4af5
Opcode Fuzzy Hash: b632ec8c2fc0cac3e55cd2f61a8607551f9e1261375102adc50b2b9d16f16f4b
Instruction Fuzzy Hash: D8B17C70E00349DBDF00EBA5C849BAEBBB8EF05B00F144159E5057B292DB74AA09CBB5

Function 00DDCFA0 Relevance: 21.3, APIs: 1, Strings: 11, Instructions: 290COMMON

Download Yara Rule

APIs

___swprintf_l.LIBCMT ref: 00DDD054

Part of subcall function 00DDE030: ___swprintf_l.LIBCMT ref: 00DDE04D

Strings

%s, algorithm="%s", xrefs: 00DDD2D7
d41d8cd98f00b204e9800998ecf8427e, xrefs: 00DDD163
%s:%s:%s, xrefs: 00DDD0A2, 00DDD0FB, 00DDD1DB
username="%s", realm="%s", nonce="%s", uri="%s", cnonce="%s", nc=%08x, qop=%s, response="%s", xrefs: 00DDD24C
%s, opaque="%s", xrefs: 00DDD2AE
auth, xrefs: 00DDD256
username="%s", realm="%s", nonce="%s", uri="%s", response="%s", xrefs: 00DDD284
%s:%s:%08x:%s:%s:%s, xrefs: 00DDD1C2
%s:%s, xrefs: 00DDD13B, 00DDD169
auth-int, xrefs: 00DDD151
%08x%08x%08x%08x, xrefs: 00DDD04C

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: ___swprintf_l
String ID: %08x%08x%08x%08x$%s, algorithm="%s"$%s, opaque="%s"$%s:%s$%s:%s:%08x:%s:%s:%s$%s:%s:%s$auth$auth-int$d41d8cd98f00b204e9800998ecf8427e$username="%s", realm="%s", nonce="%s", uri="%s", cnonce="%s", nc=%08x, qop=%s, response="%s"$username="%s", realm="%s", nonce="%s", uri="%s", response="%s"
API String ID: 48624451-3873893103
Opcode ID: 77691dba2de14a66ee80ab500b37c4895631de03968146af5698dcbbae2edf71
Instruction ID: 4a668e853fdb89833d805341b8d4e182a38e32817ce5d5e1da5215d7fa94ef89
Opcode Fuzzy Hash: 77691dba2de14a66ee80ab500b37c4895631de03968146af5698dcbbae2edf71
Instruction Fuzzy Hash: 77A11F71A0021AAFDF10EFA5CD85FAAB7B9EF09304F044595F908A7201E771AE55CBB1

Function 00E0A0C0 Relevance: 21.1, APIs: 6, Strings: 6, Instructions: 51libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(kernel32.dll,00000004,00000004,00E09D4B,2C690420,00000004,00000004,00000004,00E966A8,000000FF,?,00E06931,2C690420,00000000), ref: 00E0A0C7
GetProcAddress.KERNEL32(00000000,InitializeSRWLock), ref: 00E0A0DF
GetProcAddress.KERNEL32(00000000,AcquireSRWLockExclusive), ref: 00E0A0F0
GetProcAddress.KERNEL32(00000000,ReleaseSRWLockExclusive), ref: 00E0A101
GetProcAddress.KERNEL32(00000000,AcquireSRWLockShared), ref: 00E0A112
GetProcAddress.KERNEL32(00000000,ReleaseSRWLockShared), ref: 00E0A123

Strings

InitializeSRWLock, xrefs: 00E0A0D9
ReleaseSRWLockExclusive, xrefs: 00E0A0FB
AcquireSRWLockExclusive, xrefs: 00E0A0EA
kernel32.dll, xrefs: 00E0A0C2
ReleaseSRWLockShared, xrefs: 00E0A11D
AcquireSRWLockShared, xrefs: 00E0A10C

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: AddressProc$HandleModule
String ID: AcquireSRWLockExclusive$AcquireSRWLockShared$InitializeSRWLock$ReleaseSRWLockExclusive$ReleaseSRWLockShared$kernel32.dll
API String ID: 667068680-2154951675
Opcode ID: 7a74d741cb6f826a0c11ec4927ddfbceadc2f73f102376b98632af335bd9f88b
Instruction ID: 4c74ba2b15d5ee2131190eae799a9a2c956b9a1bb9580043c54e2ebab983bba6
Opcode Fuzzy Hash: 7a74d741cb6f826a0c11ec4927ddfbceadc2f73f102376b98632af335bd9f88b
Instruction Fuzzy Hash: 2C0165B110775F5DC711AF2B6C99546B6E8AB59704B0B202AF400FE3E3EBB0D489CB95

Function 00E8792F Relevance: 19.6, APIs: 13, Instructions: 88COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 00E8794C

Part of subcall function 00E772F5: RtlFreeHeap.NTDLL(00000000,00000000,?,00E8809C,?,00000000,?,00000000,?,00E88340,?,00000007,?,?,00E88729,?), ref: 00E7730B
Part of subcall function 00E772F5: GetLastError.KERNEL32(?,?,00E8809C,?,00000000,?,00000000,?,00E88340,?,00000007,?,?,00E88729,?,?), ref: 00E7731D

_free.LIBCMT ref: 00E8795E
_free.LIBCMT ref: 00E87970
_free.LIBCMT ref: 00E87982
_free.LIBCMT ref: 00E87994
_free.LIBCMT ref: 00E879A6
_free.LIBCMT ref: 00E879B8
_free.LIBCMT ref: 00E879CA
_free.LIBCMT ref: 00E879DC
_free.LIBCMT ref: 00E879EE
_free.LIBCMT ref: 00E87A00
_free.LIBCMT ref: 00E87A12
_free.LIBCMT ref: 00E87A24

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: b088cb1ac2efef046b729d8ca14226a5b2ab75914c43ddea6650963cbcf34d40
Instruction ID: 21c3e5e0575e8eb118f64f78e39c0ec593a316c124b0c2fa296f6360b8b43b87
Opcode Fuzzy Hash: b088cb1ac2efef046b729d8ca14226a5b2ab75914c43ddea6650963cbcf34d40
Instruction Fuzzy Hash: EE213472608244AF8224FB6AE4C1D1A73F9EB453147756805F09DF7961CB70FDC58B20

Function 00D95CA0 Relevance: 19.6, APIs: 3, Strings: 8, Instructions: 312COMMON

Download Yara Rule

APIs

___std_type_info_name.LIBVCRUNTIME ref: 00D95F29

Strings

H, xrefs: 00D95DB9
Dynamic exception type: , xrefs: 00D95F4C
Throw location unknown (consider using BOOST_THROW_EXCEPTION), xrefs: 00D95E70
(unknown), xrefs: 00D95EF5
std::exception::what: , xrefs: 00D9600D
): , xrefs: 00D95EA4
Unknown exception., xrefs: 00D95CF3
Throw in function , xrefs: 00D95ED2

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: ___std_type_info_name
String ID: (unknown)$): $Dynamic exception type: $H$Throw in function $Throw location unknown (consider using BOOST_THROW_EXCEPTION)$Unknown exception.$std::exception::what:
API String ID: 1734802720-3314828008
Opcode ID: 3543160405897e23198056a3acd212579d40a9e65034421644ab417d2b4d931b
Instruction ID: bda3e14e51759a9b9b04de2bd2457daefb6dce4e8f0a631d06e47f78133cc19c
Opcode Fuzzy Hash: 3543160405897e23198056a3acd212579d40a9e65034421644ab417d2b4d931b
Instruction Fuzzy Hash: 8EC1A0B1E003599EDF20DB64CC45B9EB7B8EF41304F1445A9E50DA7282EB719A88CF72

Function 00DF8A30 Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 185libraryloadertimeCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(KERNEL32.DLL,GetTickCount64), ref: 00DF8A6D
GetProcAddress.KERNEL32(00000000), ref: 00DF8A74
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00DF8B6D
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00DF8B94
__allrem.LIBCMT ref: 00DF8B9F
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00DF8BC6
__allrem.LIBCMT ref: 00DF8BD1
SystemTimeToFileTime.KERNEL32(0000003C,?,00000000,?,0000003C,00000000,?,?,000F4240,00000000,03938700,00000000,D693A400,00000000), ref: 00DF8BE5
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00DF8C3B

Strings

GetTickCount64, xrefs: 00DF8A63
KERNEL32.DLL, xrefs: 00DF8A68

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$Time__allrem$AddressFileHandleModuleProcSystem
String ID: GetTickCount64$KERNEL32.DLL
API String ID: 2537731104-3320051239
Opcode ID: 0b169530d004b38dc603631102b74aabdbf13211deb886167db334cc1fa21725
Instruction ID: 89d0e6cc450bd491bc73d0955e90d8631bbba0f69e2811999179d4e678f9211a
Opcode Fuzzy Hash: 0b169530d004b38dc603631102b74aabdbf13211deb886167db334cc1fa21725
Instruction Fuzzy Hash: 655190B1608305ABC704EF65CC45B6FB7E8EF88700F45891EB699E7241EB34E50897B6

Function 00E88591 Relevance: 18.1, APIs: 12, Instructions: 114COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 00E885CA

Part of subcall function 00E772F5: RtlFreeHeap.NTDLL(00000000,00000000,?,00E8809C,?,00000000,?,00000000,?,00E88340,?,00000007,?,?,00E88729,?), ref: 00E7730B
Part of subcall function 00E772F5: GetLastError.KERNEL32(?,?,00E8809C,?,00000000,?,00000000,?,00E88340,?,00000007,?,?,00E88729,?,?), ref: 00E7731D

Part of subcall function 00E8792F: _free.LIBCMT ref: 00E8794C
Part of subcall function 00E8792F: _free.LIBCMT ref: 00E8795E
Part of subcall function 00E8792F: _free.LIBCMT ref: 00E87970
Part of subcall function 00E8792F: _free.LIBCMT ref: 00E87982
Part of subcall function 00E8792F: _free.LIBCMT ref: 00E87994
Part of subcall function 00E8792F: _free.LIBCMT ref: 00E879A6
Part of subcall function 00E8792F: _free.LIBCMT ref: 00E879B8
Part of subcall function 00E8792F: _free.LIBCMT ref: 00E879CA
Part of subcall function 00E8792F: _free.LIBCMT ref: 00E879DC
Part of subcall function 00E8792F: _free.LIBCMT ref: 00E879EE
Part of subcall function 00E8792F: _free.LIBCMT ref: 00E87A00
Part of subcall function 00E8792F: _free.LIBCMT ref: 00E87A12
Part of subcall function 00E8792F: _free.LIBCMT ref: 00E87A24

_free.LIBCMT ref: 00E885EC
_free.LIBCMT ref: 00E88601
_free.LIBCMT ref: 00E8860C
_free.LIBCMT ref: 00E8862E
_free.LIBCMT ref: 00E88641
_free.LIBCMT ref: 00E8864F
_free.LIBCMT ref: 00E8865A
_free.LIBCMT ref: 00E88692
_free.LIBCMT ref: 00E88699
_free.LIBCMT ref: 00E886B6
_free.LIBCMT ref: 00E886CE

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 89dff3360029a61edab170189e1fc17761d4242f7c544b2c247942910350decd
Instruction ID: 327f85767240e5ba98b31ab67a97b7ee47c6204af1719cc7a38eaaf2a44fce34
Opcode Fuzzy Hash: 89dff3360029a61edab170189e1fc17761d4242f7c544b2c247942910350decd
Instruction Fuzzy Hash: DB317E716042419FDB20BA39D945B6673E8FF41354F50A429F89DE7162EF70ED40DB10

Function 00DBB430 Relevance: 17.7, APIs: 3, Strings: 7, Instructions: 188COMMON

Download Yara Rule

APIs

___from_strstr_to_strchr.LIBCMT ref: 00DBB47F
_strrchr.LIBCMT ref: 00DBB4A2
___swprintf_l.LIBCMT ref: 00DBB536

Strings

Illegal port number, xrefs: 00DBB657
x, xrefs: 00DBB55A
%s://%s%s%s:%hu%s%s%s, xrefs: 00DBB58B
], xrefs: 00DBB465
Port number out of range, xrefs: 00DBB683
[%*45[0123456789abcdefABCDEF:.]%c, xrefs: 00DBB44D
;type=%c, xrefs: 00DBB52B

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: ___from_strstr_to_strchr___swprintf_l_strrchr
String ID: %s://%s%s%s:%hu%s%s%s$;type=%c$Illegal port number$Port number out of range$[%*45[0123456789abcdefABCDEF:.]%c$]$x
API String ID: 2016915833-3359654453
Opcode ID: 8f946b2aa64ffdf8ba97692ec6274626a347dde3ff84cbef28c404140cbea048
Instruction ID: 233bac8a7a304e05d7d14920c289cc3b13a5cc4148cb2cf05b98ee86ae426865
Opcode Fuzzy Hash: 8f946b2aa64ffdf8ba97692ec6274626a347dde3ff84cbef28c404140cbea048
Instruction Fuzzy Hash: 836129B0604345DADB218B74C8817EAB7E4EF45314F08406AE98F56282D7B56998C772

Function 00DF8420 Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 176COMMON

Download Yara Rule

APIs

GetCurrentProcessId.KERNEL32(?), ref: 00DF8500
OpenEventA.KERNEL32(00100002,00000000,00000000), ref: 00DF851A
CloseHandle.KERNEL32(00000000), ref: 00DF852F
ResetEvent.KERNEL32(00000000), ref: 00DF8539
CloseHandle.KERNEL32(00000000,2C690420,74DEDF20,00000000), ref: 00DF857A

Strings

e-flag, xrefs: 00DF84BB, 00DF85E1

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: CloseEventHandle$CurrentOpenProcessReset
String ID: e-flag
API String ID: 485013868-538632313
Opcode ID: 597d79ead6c601f057420b62ea2079910b5f89173fd5005bdb5b5912b89c2fb2
Instruction ID: 8921e1d1a2f113c63ee801c6b167361989c2b996455ef572311dbae72262a515
Opcode Fuzzy Hash: 597d79ead6c601f057420b62ea2079910b5f89173fd5005bdb5b5912b89c2fb2
Instruction Fuzzy Hash: 92718C74D0434C9FDF11CBA5D8447EDBBB4AF1A310F198219E918B7352EB70A989CB62

Function 00E09A50 Relevance: 17.7, APIs: 3, Strings: 7, Instructions: 176COMMON

Download Yara Rule

APIs

new.LIBCMT ref: 00E09AB2
__Init_thread_footer.LIBCMT ref: 00E09B74
__Init_thread_footer.LIBCMT ref: 00E09CAB

Strings

LineID, xrefs: 00E09AEA
Message, xrefs: 00E09ADD
ProcessID, xrefs: 00E09B04
TimeStamp, xrefs: 00E09AF7
ThreadID, xrefs: 00E09B11
Severity, xrefs: 00E09AC7
Channel, xrefs: 00E09AD1

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: Init_thread_footer
String ID: Channel$LineID$Message$ProcessID$Severity$ThreadID$TimeStamp
API String ID: 1385522511-3293327833
Opcode ID: 8fc78178c307a1fcc3b9812bbc6bab6442d84666941b59b0cbad5151d20167f2
Instruction ID: 6219c7041c220e1e4f0397c15fac35864bbd93aeb1affe7b9e6a61f7b868b29a
Opcode Fuzzy Hash: 8fc78178c307a1fcc3b9812bbc6bab6442d84666941b59b0cbad5151d20167f2
Instruction Fuzzy Hash: 2271DDB0D013899FCB10DF6AC886BAAB7F0EB40324F118559E0557B3E3D774A944CBA0

Function 00DC6A80 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 144COMMON

Download Yara Rule

APIs

__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00DC6ABF
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00DC6AFD
___swprintf_l.LIBCMT ref: 00DC6B55
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00DC6B6D
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00DC6BA2
___swprintf_l.LIBCMT ref: 00DC6BB7
___swprintf_l.LIBCMT ref: 00DC6BD2

Strings

%2I64d:%02I64d:%02I64d, xrefs: 00DC6B4B
%3I64dd %02I64dh, xrefs: 00DC6BAD
%7I64dd, xrefs: 00DC6BC8

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$___swprintf_l
String ID: %2I64d:%02I64d:%02I64d$%3I64dd %02I64dh$%7I64dd
API String ID: 2070094197-564197712
Opcode ID: bbfbc28c706ff2aff891e6929808ff0fc9366b5c8108305611c9730ab7fa27fa
Instruction ID: a8a66b86df81546d3ce10580c52e7031c1fed34cce0c6e6d6a8d5b1844888f8e
Opcode Fuzzy Hash: bbfbc28c706ff2aff891e6929808ff0fc9366b5c8108305611c9730ab7fa27fa
Instruction Fuzzy Hash: CC41B773B002197AEB205D6D9C42FAF7659DB84B60F154169FE08FB281E671DD5482F0

Function 00E6D5C3 Relevance: 16.6, APIs: 11, Instructions: 116COMMONLIBRARYCODE

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(?,00000000,2C690420,000000FF,00000000,00000000,?,00000010,?,00000010,00000000,2C690420), ref: 00E6D61B
GetLastError.KERNEL32 ref: 00E6D628
__dosmaperr.LIBCMT ref: 00E6D62F
MultiByteToWideChar.KERNEL32(?,00000000,?,000000FF,00000000,?,?), ref: 00E6D65B
GetLastError.KERNEL32 ref: 00E6D665
__dosmaperr.LIBCMT ref: 00E6D66C
WideCharToMultiByte.KERNEL32(?,00000000,00000000,000000FF,?,?,00000000,00000000), ref: 00E6D6AF
GetLastError.KERNEL32 ref: 00E6D6B9
__dosmaperr.LIBCMT ref: 00E6D6C0
_free.LIBCMT ref: 00E6D6CC
_free.LIBCMT ref: 00E6D6D3

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: ByteCharErrorLastMultiWide__dosmaperr$_free
String ID:
API String ID: 2441525078-0
Opcode ID: c267ad31e7b26f25498f0f9dc27f7a2679017cfdc5964ad2da5ec8be5fcaa80f
Instruction ID: 8da304cab0378dfa90489ee0e302d1cfd75c7d0bf9e37b0eef88ca671cde4b4e
Opcode Fuzzy Hash: c267ad31e7b26f25498f0f9dc27f7a2679017cfdc5964ad2da5ec8be5fcaa80f
Instruction Fuzzy Hash: B431D372E4820ABFDF119FA5EC45DAE3BB8EF463A8B505119F81476161DB30CD10DB60

Function 00D8E520 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 136COMMON

Download Yara Rule

APIs

__Getcvt.LIBCPMT ref: 00D8E55E
__Getcvt.LIBCPMT ref: 00D8E596
Concurrency::cancel_current_task.LIBCPMT ref: 00D8E5BE
Concurrency::cancel_current_task.LIBCPMT ref: 00D8E5FC
Concurrency::cancel_current_task.LIBCPMT ref: 00D8E63C
numpunct.LIBCPMT ref: 00D8E644
__CxxThrowException@8.LIBVCRUNTIME ref: 00D8E64D

Strings

true, xrefs: 00D8E629, 00D8E654
false, xrefs: 00D8E5E9, 00D8E603

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: Concurrency::cancel_current_task$Getcvt$Exception@8Thrownumpunct
String ID: false$true
API String ID: 3191441162-2658103896
Opcode ID: fdb40bf006bd385512ea5aced26d291aacbc7267f513820cf1e81c24b7e5cdf4
Instruction ID: 702a7cb6910dce848872cf1d322fdaf37838d8df625f624575e459be643d4423
Opcode Fuzzy Hash: fdb40bf006bd385512ea5aced26d291aacbc7267f513820cf1e81c24b7e5cdf4
Instruction Fuzzy Hash: 43413531A042448FCF10EF64D841BBABBA1EF95314F1881AEED456B342E776A905CBB0

Function 00DC1A20 Relevance: 14.2, APIs: 2, Strings: 6, Instructions: 172COMMON

Download Yara Rule

APIs

___from_strstr_to_strchr.LIBCMT ref: 00DC1AC4
___from_strstr_to_strchr.LIBCMT ref: 00DC1BB7

Strings

Content-Type:, xrefs: 00DC1B3A
Transfer-Encoding:, xrefs: 00DC1BA0
%s, xrefs: 00DC1BFB
Connection, xrefs: 00DC1B7E
Content-Length, xrefs: 00DC1B5C
Host:, xrefs: 00DC1B15

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: ___from_strstr_to_strchr
String ID: %s$Connection$Content-Length$Content-Type:$Host:$Transfer-Encoding:
API String ID: 601868998-3301244629
Opcode ID: 79368d593c4c8d853c4590a1c4599e07f85139693a8e5327bbf7e97b830bd67e
Instruction ID: 2afbe9856dba95e05b158bf702523385456178a88926ebf207d0ee68e3aec81d
Opcode Fuzzy Hash: 79368d593c4c8d853c4590a1c4599e07f85139693a8e5327bbf7e97b830bd67e
Instruction Fuzzy Hash: 3751F838A452636BDB218E608A45F55BBA29F03344F1C40ADEC499B243F732C945CF71

Function 00D832E0 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 99COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00D83316
std::_Lockit::_Lockit.LIBCPMT ref: 00D83339
std::_Lockit::~_Lockit.LIBCPMT ref: 00D83359
__CxxThrowException@8.LIBVCRUNTIME ref: 00D833CF
std::_Facet_Register.LIBCPMT ref: 00D833E5
std::_Lockit::~_Lockit.LIBCPMT ref: 00D833F0

Strings

bad cast, xrefs: 00D833C8
x, xrefs: 00D83302, 00D833F7

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_RegisterThrow
String ID: bad cast$x
API String ID: 2536120697-3173176785
Opcode ID: ff457af1438dfacf662c7b37fb75a2cf45989d459bd0b7f45d44687988be8dd3
Instruction ID: 517afda823f1f29cf6d8e5864c2f13292d1dc25b83620115dbd96b3d972cfebe
Opcode Fuzzy Hash: ff457af1438dfacf662c7b37fb75a2cf45989d459bd0b7f45d44687988be8dd3
Instruction Fuzzy Hash: DC31AE71D00258DFCB11EF55D881AAEB7F4FB48720F144219E809BB292DB75AA05CBA1

Function 00E6054F Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 72COMMON

Download Yara Rule

APIs

FindCompleteObject.LIBCMT ref: 00E60570
FindSITargetTypeInstance.LIBVCRUNTIME ref: 00E60594
FindMITargetTypeInstance.LIBVCRUNTIME ref: 00E605A9

Part of subcall function 00E60110: PMDtoOffset.LIBCMT ref: 00E601DA

FindVITargetTypeInstance.LIBVCRUNTIME ref: 00E605B0
PMDtoOffset.LIBCMT ref: 00E605C1
std::__non_rtti_object::__construct_from_string_literal.LIBVCRUNTIME ref: 00E605EB
__CxxThrowException@8.LIBVCRUNTIME ref: 00E605FB

Strings

Bad dynamic_cast!, xrefs: 00E605E2

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: Find$InstanceTargetType$Offset$CompleteException@8ObjectThrowstd::__non_rtti_object::__construct_from_string_literal
String ID: Bad dynamic_cast!
API String ID: 528452320-2956939130
Opcode ID: d8bd36e087e707971b9bf6bf0eb1f9208af7a941f516fc2b4c9d3dd530d4ac65
Instruction ID: fa5e54c91d52958bd386cb5d2c96a68c01480674fee068e18bb109c95c7fd917
Opcode Fuzzy Hash: d8bd36e087e707971b9bf6bf0eb1f9208af7a941f516fc2b4c9d3dd530d4ac65
Instruction Fuzzy Hash: E421F9729803289FCB20DFA4ED46AAF77A4EB08790F106009F511B3281DB70D900DFA0

Function 00E7B529 Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 266COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00E80000: GetLastError.KERNEL32(?,?,00E74C15,00EDD438,00000010), ref: 00E80004
Part of subcall function 00E80000: _free.LIBCMT ref: 00E80037
Part of subcall function 00E80000: SetLastError.KERNEL32(00000000), ref: 00E80078
Part of subcall function 00E80000: _abort.LIBCMT ref: 00E8007E

_memcmp.LIBVCRUNTIME ref: 00E7B7D3
_free.LIBCMT ref: 00E7B844
_free.LIBCMT ref: 00E7B85D
_free.LIBCMT ref: 00E7B88F
_free.LIBCMT ref: 00E7B898
_free.LIBCMT ref: 00E7B8A4

Strings

C, xrefs: 00E7B691

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: _free$ErrorLast$_abort_memcmp
String ID: C
API String ID: 1679612858-1037565863
Opcode ID: dd6e4598958d03c5c816ce65fd74cd4ed99a7b5ad0f32f041ae8bf3f5ca1f6b4
Instruction ID: a5f007840268c0a11856e5311c992aedef9b768ff44cf0e86635afaac3ebf6aa
Opcode Fuzzy Hash: dd6e4598958d03c5c816ce65fd74cd4ed99a7b5ad0f32f041ae8bf3f5ca1f6b4
Instruction Fuzzy Hash: 1EB11675A012199FDB24DF28C884BADB7B5FF48304F1495AAE94DA7350E731AE90CF40

Function 00DDB5B0 Relevance: 12.5, APIs: 1, Strings: 6, Instructions: 248COMMON

Download Yara Rule

Strings

/../, xrefs: 00DDB6C8
/./, xrefs: 00DDB673
/.., xrefs: 00DDB6F4
${, xrefs: 00DDB68E
../, xrefs: 00DDB657
4{, xrefs: 00DDB77B

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID:
String ID: ${$../$/..$/../$/./$4{
API String ID: 0-3787377394
Opcode ID: 9bc078831f77a0a51907e89c7ca8f22d9d971d5d1878878e8c8f15e4903a0951
Instruction ID: 8a6183d1fbdbc9b05d6bff05970112e0c4a72cab20adb0ee602848bcc3dd020d
Opcode Fuzzy Hash: 9bc078831f77a0a51907e89c7ca8f22d9d971d5d1878878e8c8f15e4903a0951
Instruction Fuzzy Hash: 6E712855A08385EBDB210A356C957B6BF978FE236CF1E04ABD8C59B302E353C9098371

Function 00DA4500 Relevance: 12.4, APIs: 1, Strings: 6, Instructions: 111COMMON

Download Yara Rule

APIs

___std_type_info_name.LIBVCRUNTIME ref: 00DA460A

Strings

" failed, xrefs: 00DA4620
conversion of data to type ", xrefs: 00DA45DA
class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > __thiscall boost::property_tree::basic_ptree<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::basic_string<char,struct std, xrefs: 00DA464D
(, xrefs: 00DA452F
(, xrefs: 00DA4524, 00DA459B
class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > __thiscall boost::property_tree::string_path<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,struct boost::property_tree::id_transla, xrefs: 00DA4521

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: ___std_type_info_name
String ID: " failed$($($class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > __thiscall boost::property_tree::basic_ptree<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::basic_string<char,struct std$class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > __thiscall boost::property_tree::string_path<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,struct boost::property_tree::id_transla$conversion of data to type "
API String ID: 1734802720-3029561612
Opcode ID: 24281b11dba804ba2721e97cac806e53d8c9e024c9540ce78131537e4e916b93
Instruction ID: e1cfb99d0e69ca5c73d13447373e32949714ef85c958b804ebcac9b52e62e71a
Opcode Fuzzy Hash: 24281b11dba804ba2721e97cac806e53d8c9e024c9540ce78131537e4e916b93
Instruction Fuzzy Hash: A441D071D0424CABDF15DBA8C845BEEBBB8EB06310F144519E855B73C2EBB45A08CB71

Function 00D83420 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 99COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00D83456
std::_Lockit::_Lockit.LIBCPMT ref: 00D83479
std::_Lockit::~_Lockit.LIBCPMT ref: 00D83499
__CxxThrowException@8.LIBVCRUNTIME ref: 00D8350F
std::_Facet_Register.LIBCPMT ref: 00D83525
std::_Lockit::~_Lockit.LIBCPMT ref: 00D83530

Strings

bad cast, xrefs: 00D83508

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_RegisterThrow
String ID: bad cast
API String ID: 2536120697-3145022300
Opcode ID: fe404f78afc5195ca60e5a97fd40585a3a9657146062b88655633a8782ac4ed5
Instruction ID: a8aabbfc665eec3d5a431c20c3774ccba6bb5dd58dde349eb926019db611b9cf
Opcode Fuzzy Hash: fe404f78afc5195ca60e5a97fd40585a3a9657146062b88655633a8782ac4ed5
Instruction Fuzzy Hash: 9931D171D002588FCF11EF99D980AAEB7F8EF48720F154259E809BB252DB35AD05CBB1

Function 00D915E0 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 99COMMONLIBRARYCODE

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00D91616
std::_Lockit::_Lockit.LIBCPMT ref: 00D91639
std::_Lockit::~_Lockit.LIBCPMT ref: 00D91659
__CxxThrowException@8.LIBVCRUNTIME ref: 00D916CF
std::_Facet_Register.LIBCPMT ref: 00D916E5
std::_Lockit::~_Lockit.LIBCPMT ref: 00D916F0

Strings

bad cast, xrefs: 00D916C8

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_RegisterThrow
String ID: bad cast
API String ID: 2536120697-3145022300
Opcode ID: 331adbde09751d396b42772a441e6381dd7cb64908383f371dfd5aa6e0b5d0a3
Instruction ID: 0cc8f674ea2969c5015e98ee3cd19d26768b1a0a3d5938c4a73525d21e1f4b1d
Opcode Fuzzy Hash: 331adbde09751d396b42772a441e6381dd7cb64908383f371dfd5aa6e0b5d0a3
Instruction Fuzzy Hash: 8831A075D0025ACFCF11EF95D881AAEB7F8FB58720F18421AE815BB251DB706C45CBA0

Function 00DA0570 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 99COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00DA05A6
std::_Lockit::_Lockit.LIBCPMT ref: 00DA05C9
std::_Lockit::~_Lockit.LIBCPMT ref: 00DA05E9
__CxxThrowException@8.LIBVCRUNTIME ref: 00DA065F
std::_Facet_Register.LIBCPMT ref: 00DA0675
std::_Lockit::~_Lockit.LIBCPMT ref: 00DA0680

Strings

bad cast, xrefs: 00DA0658

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_RegisterThrow
String ID: bad cast
API String ID: 2536120697-3145022300
Opcode ID: f0dbfe78dbb10f895471a7bbf4f9de07e6b8141f4c75b2ccc52fcf9846c163d9
Instruction ID: 28ec83ead325984b95e75abf802796394147818d7f2f41fa2be0fc52aa4b3e4d
Opcode Fuzzy Hash: f0dbfe78dbb10f895471a7bbf4f9de07e6b8141f4c75b2ccc52fcf9846c163d9
Instruction Fuzzy Hash: 1831DF71D00259CFCB11DF95D881AAEBBF8FF49324F18421AE815BB252DB31A805CBA0

Function 00D8A7B0 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 99COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00D8A7E6
std::_Lockit::_Lockit.LIBCPMT ref: 00D8A809
std::_Lockit::~_Lockit.LIBCPMT ref: 00D8A829
__CxxThrowException@8.LIBVCRUNTIME ref: 00D8A89F
std::_Facet_Register.LIBCPMT ref: 00D8A8B5
std::_Lockit::~_Lockit.LIBCPMT ref: 00D8A8C0

Strings

bad cast, xrefs: 00D8A898

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_RegisterThrow
String ID: bad cast
API String ID: 2536120697-3145022300
Opcode ID: 36ff4d8c0bc0d56daee8c1086ed380c300be2ec3965e00ccc4491d17f3cd8e20
Instruction ID: 2f1dfefe3e4023f5385b144a4d613880a39aebdf3bc8923f4f18413f7b910cad
Opcode Fuzzy Hash: 36ff4d8c0bc0d56daee8c1086ed380c300be2ec3965e00ccc4491d17f3cd8e20
Instruction Fuzzy Hash: 7231C071D002598FDF11EF59D881AAEB7F8EF48720F15422AE815BB351DB346906CBB2

Function 00D8A990 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 99COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00D8A9C6
std::_Lockit::_Lockit.LIBCPMT ref: 00D8A9E9
std::_Lockit::~_Lockit.LIBCPMT ref: 00D8AA09
__CxxThrowException@8.LIBVCRUNTIME ref: 00D8AA7F
std::_Facet_Register.LIBCPMT ref: 00D8AA95
std::_Lockit::~_Lockit.LIBCPMT ref: 00D8AAA0

Strings

bad cast, xrefs: 00D8AA78

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_RegisterThrow
String ID: bad cast
API String ID: 2536120697-3145022300
Opcode ID: e7f7e16ce9e68cf75ab18642825ee730a35f6b1790db78c2032abc3827f26fbc
Instruction ID: 16de3b52b81c368a0df46a76cf3bff7b5a77da4eeac8f80d76852ff767704c1c
Opcode Fuzzy Hash: e7f7e16ce9e68cf75ab18642825ee730a35f6b1790db78c2032abc3827f26fbc
Instruction Fuzzy Hash: 8D31E071D002598FDF15EF59D881AAEB7F8EB48720F14421AE815BB252DB346845CBB2

Function 00D8ACD0 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 99COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00D8AD06
std::_Lockit::_Lockit.LIBCPMT ref: 00D8AD29
std::_Lockit::~_Lockit.LIBCPMT ref: 00D8AD49
__CxxThrowException@8.LIBVCRUNTIME ref: 00D8ADBF
std::_Facet_Register.LIBCPMT ref: 00D8ADD5
std::_Lockit::~_Lockit.LIBCPMT ref: 00D8ADE0

Strings

bad cast, xrefs: 00D8ADB8

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_RegisterThrow
String ID: bad cast
API String ID: 2536120697-3145022300
Opcode ID: c49a92d835c34ff7b89e4341274690131ac6946b7c2fb10cdf2342e467a5e6e7
Instruction ID: d2ffe2c7b404e85b6642b515d14f06217fa1fd72a9579cd23f34217895ac60e9
Opcode Fuzzy Hash: c49a92d835c34ff7b89e4341274690131ac6946b7c2fb10cdf2342e467a5e6e7
Instruction Fuzzy Hash: 02310671D002598FDF10EF59D881AAEB7B4EF48314F14411AE809BB292EB346805CFB1

Function 00D7BEA0 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 99COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00D7BED6
std::_Lockit::_Lockit.LIBCPMT ref: 00D7BEF9
std::_Lockit::~_Lockit.LIBCPMT ref: 00D7BF19
__CxxThrowException@8.LIBVCRUNTIME ref: 00D7BF8F
std::_Facet_Register.LIBCPMT ref: 00D7BFA5
std::_Lockit::~_Lockit.LIBCPMT ref: 00D7BFB0

Strings

bad cast, xrefs: 00D7BF88

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_RegisterThrow
String ID: bad cast
API String ID: 2536120697-3145022300
Opcode ID: b263e8eac4877c03aa07a7e0186945e20006f199a2e03b11da37583e29a47a00
Instruction ID: 80bd204f96c471ec39338860bbdf76745ed36fc4fd680a876b17da0f721f024a
Opcode Fuzzy Hash: b263e8eac4877c03aa07a7e0186945e20006f199a2e03b11da37583e29a47a00
Instruction Fuzzy Hash: 67318E71D002589FCF11EF55DC81AAEB7B4EF49720F14825AE40DBB251EB366845CFA1

Function 00D72FE0 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 71COMMON

Download Yara Rule

APIs

__CxxThrowException@8.LIBVCRUNTIME ref: 00D73015
__CxxThrowException@8.LIBVCRUNTIME ref: 00D73042
__CxxThrowException@8.LIBVCRUNTIME ref: 00D7306F
__CxxThrowException@8.LIBVCRUNTIME ref: 00D7309C

Strings

ios_base::failbit set, xrefs: 00D7304C
ios_base::badbit set, xrefs: 00D7301F
ios_base::eofbit set, xrefs: 00D73079

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: Exception@8Throw
String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
API String ID: 2005118841-1866435925
Opcode ID: 7fe087db252d08bcd7cd222ee2151b1899a3a794c3000f38173680e43aa42c1a
Instruction ID: 0d6381bac7d3aad8ae021d78c2f11bac036422ee6884a87c289df0482b45cf3a
Opcode Fuzzy Hash: 7fe087db252d08bcd7cd222ee2151b1899a3a794c3000f38173680e43aa42c1a
Instruction Fuzzy Hash: 2311C1705883056ADB10EF20CC17FABB794EF61750F04980DF988BA1D2EBB0A545DA3A

Function 00D979B0 Relevance: 10.7, APIs: 2, Strings: 5, Instructions: 205memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00D83880: new.LIBCMT ref: 00D83896

GetProcessHeap.KERNEL32(00000000,00000000), ref: 00D97C47
HeapFree.KERNEL32(00000000), ref: 00D97C4E

Strings

RunInstallerWithUAC, xrefs: 00D97AAE
. cmd=, xrefs: 00D97B00
run installer with uac. path=, xrefs: 00D97AEB
installer, xrefs: 00D97A8A
]: , xrefs: 00D97ADF

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: Heap$FreeProcess
String ID: . cmd=$RunInstallerWithUAC$]: $installer$run installer with uac. path=
API String ID: 3859560861-4270199412
Opcode ID: 80f0f0a6a3236cd2dbbc8e2c97076c2ce699ace392d3b8fda765347b74f7beb0
Instruction ID: c0080728edc2303c271e00c16bdd3dfb2776e8325f3fa071a5cea45f575953ec
Opcode Fuzzy Hash: 80f0f0a6a3236cd2dbbc8e2c97076c2ce699ace392d3b8fda765347b74f7beb0
Instruction Fuzzy Hash: 7981AA70E002189BCF00EBA4C855BEEFBB5EF48710F148159E81677381DBB46A0ACBB5

Function 00E7B0AB Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 187COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00E76524: RtlAllocateHeap.NTDLL(00000000,00000003,00000000,?,00000003,00E80083), ref: 00E76556

_free.LIBCMT ref: 00E7B1B6
_free.LIBCMT ref: 00E7B1CD
_free.LIBCMT ref: 00E7B1EC
_free.LIBCMT ref: 00E7B207
_free.LIBCMT ref: 00E7B21E

Strings

t), xrefs: 00E7B0FE

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: _free$AllocateHeap
String ID: t)
API String ID: 3033488037-1668922237
Opcode ID: 2138310f69c81e63e353b80bec68fd2268113d2dd1339882825eb79c2602c6c8
Instruction ID: 28d2f3a1506efb2716328d77b98335b6db23eca8d1d27fd46ea9f318e1c583b2
Opcode Fuzzy Hash: 2138310f69c81e63e353b80bec68fd2268113d2dd1339882825eb79c2602c6c8
Instruction Fuzzy Hash: 2B51C071A01304AFDB20DF69DC41BAA77F4EF49724F149669E84DE7261E731DA01CB40

Function 00DC4E70 Relevance: 10.7, APIs: 7, Instructions: 171COMMON

Download Yara Rule

APIs

_strstr.LIBCMT ref: 00DC4E98
___from_strstr_to_strchr.LIBCMT ref: 00DC4EB7
_strrchr.LIBCMT ref: 00DC4ECE
___from_strstr_to_strchr.LIBCMT ref: 00DC4EE0
_strrchr.LIBCMT ref: 00DC4F27

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: ___from_strstr_to_strchr_strrchr$_strstr
String ID:
API String ID: 4240772140-0
Opcode ID: 130d304eccb1945c80c9eca4ebb4b85b9da32e83bc056b9915c2cb4787452d81
Instruction ID: e94453496a78d0c8a15721620aa8654112494526dd0dcda566366d5718045749
Opcode Fuzzy Hash: 130d304eccb1945c80c9eca4ebb4b85b9da32e83bc056b9915c2cb4787452d81
Instruction Fuzzy Hash: 6B5151A18443836EEB324A24EC59F273BA99F12394F0D057CFC889B146F775D95483B2

Function 00DDCD30 Relevance: 10.7, APIs: 3, Strings: 3, Instructions: 168COMMON

Download Yara Rule

APIs

___swprintf_l.LIBCMT ref: 00DDCE4A
___swprintf_l.LIBCMT ref: 00DDCE77

Strings

%c%c==, xrefs: 00DDCE92
%c%c%c=, xrefs: 00DDCE6D
%c%c%c%c, xrefs: 00DDCE40

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: ___swprintf_l
String ID: %c%c%c%c$%c%c%c=$%c%c==
API String ID: 48624451-3943651191
Opcode ID: c7e7aef40af84889e5d896a69956a2c9287097272235c3d7cb40121946cfa213
Instruction ID: 424e03c6f69364b883c2f4c0056c937f2f97505c8bfa3e95d7f22a96940d2c57
Opcode Fuzzy Hash: c7e7aef40af84889e5d896a69956a2c9287097272235c3d7cb40121946cfa213
Instruction Fuzzy Hash: 1F5137B19146A95FDB21CF689C91BFB7FA8DB0A301F0811E6E890DF352D664D901DBB0

Function 00E7CB4B Relevance: 10.7, APIs: 7, Instructions: 152fileCOMMON

Download Yara Rule

APIs

GetConsoleCP.KERNEL32(?,00E6E49E,E0830C40,?,?,?,?,?,?,00E7D2C0,00DE30C1,00E6E49E,?,00E6E49E,00E6E49E,00DE30C1), ref: 00E7CB8D
__fassign.LIBCMT ref: 00E7CC08
__fassign.LIBCMT ref: 00E7CC23
WideCharToMultiByte.KERNEL32(?,00000000,00E6E49E,00000001,?,00000005,00000000,00000000), ref: 00E7CC49
WriteFile.KERNEL32(?,?,00000000,00E7D2C0,00000000,?,?,?,?,?,?,?,?,?,00E7D2C0,00DE30C1), ref: 00E7CC68
WriteFile.KERNEL32(?,00DE30C1,00000001,00E7D2C0,00000000,?,?,?,?,?,?,?,?,?,00E7D2C0,00DE30C1), ref: 00E7CCA1

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: FileWrite__fassign$ByteCharConsoleMultiWide
String ID:
API String ID: 1324828854-0
Opcode ID: b10c9bd9df08a95cecce87415109b489a7cf7e016be6cf7c1a1cf5afc34af8af
Instruction ID: 0d6611401ee1d9228a8ebcf0fbdb1ff45c6ff67de2154cd8b0a4ac68c082cbcd
Opcode Fuzzy Hash: b10c9bd9df08a95cecce87415109b489a7cf7e016be6cf7c1a1cf5afc34af8af
Instruction Fuzzy Hash: 4F51B6B5A002499FDB11CFA4D885AEEFBF8FF09310F24811AE959F7251E6309945CB64

Function 00DAD1A0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 144COMMON

Download Yara Rule

APIs

new.LIBCMT ref: 00DAD21B
new.LIBCMT ref: 00DAD232
Concurrency::cancel_current_task.LIBCPMT ref: 00DAD308
Concurrency::cancel_current_task.LIBCPMT ref: 00DAD30D
std::_Xinvalid_argument.LIBCPMT ref: 00DAD317

Strings

deque<T> too long, xrefs: 00DAD312

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: Concurrency::cancel_current_task$Xinvalid_argumentstd::_
String ID: deque<T> too long
API String ID: 2406272785-309773918
Opcode ID: 145dbb821de993bd7cbdde8b81c51b72caf4f1239e23a3487b3fadd134f4db72
Instruction ID: 4238ffe6e18c51fdc75614503b36d5bc2c2272b5ccc36a82a6f958b1aa6bf9ba
Opcode Fuzzy Hash: 145dbb821de993bd7cbdde8b81c51b72caf4f1239e23a3487b3fadd134f4db72
Instruction Fuzzy Hash: B741E9B5900215AFCB10DFA8CD81EAEF7B9EF85310F158565E815AB641D734E901CBB0

Function 00DAF7F0 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 110COMMON

Download Yara Rule

APIs

GetModuleFileNameW.KERNEL32(00000000,?,00000104,?,2C690420), ref: 00DAF852
GetLastError.KERNEL32(00000003,00000001,?,?,?,?,2C690420), ref: 00DAF88B
___std_exception_copy.LIBVCRUNTIME ref: 00DAF8F7

Strings

couldn't get module file name. error=, xrefs: 00DAF898
src\process_helper.cpp, xrefs: 00DAF923
class boost::filesystem::path __cdecl ProcessHelper::GetCurrentProcessPath(void), xrefs: 00DAF928

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: ErrorFileLastModuleName___std_exception_copy
String ID: class boost::filesystem::path __cdecl ProcessHelper::GetCurrentProcessPath(void)$couldn't get module file name. error=$src\process_helper.cpp
API String ID: 3319920476-2431939473
Opcode ID: 5e02915a82c34b3e66047c86d5fa0c9c1e34e6e486c02e6682e98fe5280e43db
Instruction ID: b47ff9d68a0c7c1fca07e952888b7ec65a78cae675e207a4be9d51b0485a7d3a
Opcode Fuzzy Hash: 5e02915a82c34b3e66047c86d5fa0c9c1e34e6e486c02e6682e98fe5280e43db
Instruction Fuzzy Hash: 1941A471D413199ADB64DF64CC4ABDEB7B8EF04704F0046EAE409B7291EB705A88CFA0

Function 00E84DC8 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 110COMMONLIBRARYCODE

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000006,00000000,00000000,0*,00000000,00000000,8B56FF8B,00E7A87A,?,00000006,00000001,00EB2A30,0000007F,?,8B56FF8B,00000001), ref: 00E84E15
MultiByteToWideChar.KERNEL32(?,00000001,00000000,00000000,00000000,00000000), ref: 00E84E9E
GetStringTypeW.KERNEL32(00000000,00000000,00000000,?), ref: 00E84EB0
__freea.LIBCMT ref: 00E84EB9

Part of subcall function 00E76524: RtlAllocateHeap.NTDLL(00000000,00000003,00000000,?,00000003,00E80083), ref: 00E76556

Strings

0*, xrefs: 00E84E03
0*, xrefs: 00E84DEF

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: ByteCharMultiWide$AllocateHeapStringType__freea
String ID: 0*$0*
API String ID: 2652629310-919181215
Opcode ID: 9bcf37b0f50ac215ea8adfc3a4eb9f19eb1b3987ac57ff5492cf8b79a6df25ef
Instruction ID: c68bbedf284e96058128d542c1348a05ed6668a93afcedddc73e962ab35b825e
Opcode Fuzzy Hash: 9bcf37b0f50ac215ea8adfc3a4eb9f19eb1b3987ac57ff5492cf8b79a6df25ef
Instruction Fuzzy Hash: E131AEB2A0021AAFDF25AF65DC85DAE7BA5EB44314F054129FC08EA290E735DD54CBA0

Function 00DAEF80 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 109COMMON

Download Yara Rule

APIs

GetCurrentDirectoryW.KERNEL32(00000104,?,?,2C690420,00000000), ref: 00DAEFE0
GetLastError.KERNEL32(00000003,00000001,?,?,?,?,2C690420,00000000), ref: 00DAF019
___std_exception_copy.LIBVCRUNTIME ref: 00DAF085

Strings

class boost::filesystem::path __cdecl PathHelper::GetCurrentDir(void), xrefs: 00DAF0B6
src\path_helper.cpp, xrefs: 00DAF0B1
couldn't get current directory. error=, xrefs: 00DAF026

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: CurrentDirectoryErrorLast___std_exception_copy
String ID: class boost::filesystem::path __cdecl PathHelper::GetCurrentDir(void)$couldn't get current directory. error=$src\path_helper.cpp
API String ID: 898297047-775352103
Opcode ID: d96faf3fdce24ce67ecc67f439074147f316a6745c559c3314615a64547c3b70
Instruction ID: 230bf5916b3e6cf66dadd54e848033cb4a9b87a97556a32b4705151a5cca6bac
Opcode Fuzzy Hash: d96faf3fdce24ce67ecc67f439074147f316a6745c559c3314615a64547c3b70
Instruction Fuzzy Hash: B2419571D412199ADB64DF60DC4ABDEB7B8EF04704F0046EAE409B7291EB715B84CFA0

Function 00DC1C40 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 96COMMON

Download Yara Rule

Strings

Invalid TIMEVALUE, xrefs: 00DC1C9B
If-Unmodified-Since: %s, xrefs: 00DC1D21
If-Modified-Since: %s, xrefs: 00DC1D29
Last-Modified: %s, xrefs: 00DC1D19
%s, %02d %s %4d %02d:%02d:%02d GMT, xrefs: 00DC1CF0

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID:
String ID: %s, %02d %s %4d %02d:%02d:%02d GMT$If-Modified-Since: %s$If-Unmodified-Since: %s$Invalid TIMEVALUE$Last-Modified: %s
API String ID: 0-2575227759
Opcode ID: 5f622377e74bae089bbaa03d9e416c4e4ba911446502a9ef624b9cafd839563b
Instruction ID: 7096c882b7220c743e1c588815f6df586ff3febec4c5bb1c8a9cddce6fb80e7c
Opcode Fuzzy Hash: 5f622377e74bae089bbaa03d9e416c4e4ba911446502a9ef624b9cafd839563b
Instruction Fuzzy Hash: C731A436B0011EAFCB01DBA8DD41EADB7B9EF49354F040169F909B7252D632AD249BB0

Function 00E843C4 Relevance: 10.6, APIs: 7, Instructions: 80COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: afad862778646c995ecf6fe9f5286eb76485fc5bdbd315ed1734dc073d97b82f
Instruction ID: d97768a2ce438db81a7b5961e4c3efd9292b696270258ac1b92e1a046819068c
Opcode Fuzzy Hash: afad862778646c995ecf6fe9f5286eb76485fc5bdbd315ed1734dc073d97b82f
Instruction Fuzzy Hash: AF11DAB2908156BFCB107FB6AC44E6B3AACDF86764B106615F82DF7191DA308901D760

Function 00E88327 Relevance: 10.6, APIs: 7, Instructions: 65COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00E8806E: _free.LIBCMT ref: 00E88097

_free.LIBCMT ref: 00E88375

Part of subcall function 00E772F5: RtlFreeHeap.NTDLL(00000000,00000000,?,00E8809C,?,00000000,?,00000000,?,00E88340,?,00000007,?,?,00E88729,?), ref: 00E7730B
Part of subcall function 00E772F5: GetLastError.KERNEL32(?,?,00E8809C,?,00000000,?,00000000,?,00E88340,?,00000007,?,?,00E88729,?,?), ref: 00E7731D

_free.LIBCMT ref: 00E88380
_free.LIBCMT ref: 00E8838B
_free.LIBCMT ref: 00E883DF
_free.LIBCMT ref: 00E883EA
_free.LIBCMT ref: 00E883F5
_free.LIBCMT ref: 00E88400

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: c7c186f875e9bf851825eba51c2093702d337b9ba73b7df1bcccc61af93c6a46
Instruction ID: fe65ef64348e85d1817124c1da5e8a2348c2c9625cb338f54cd7fde48bd39636
Opcode Fuzzy Hash: c7c186f875e9bf851825eba51c2093702d337b9ba73b7df1bcccc61af93c6a46
Instruction Fuzzy Hash: C2113A71640B04AEEA20FBB1CD07FCB77DCAF01700F805815B6ADB60A2DFA5B6089751

Function 00DC3A40 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 63COMMON

Download Yara Rule

APIs

___from_strstr_to_strchr.LIBCMT ref: 00DC3A66
___from_strstr_to_strchr.LIBCMT ref: 00DC3A81
___from_strstr_to_strchr.LIBCMT ref: 00DC3A96

Strings

The requested URL returned error: %s, xrefs: 00DC3AA5
HTTP, xrefs: 00DC3A51
The requested URL returned error: %d, xrefs: 00DC3AC6

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: ___from_strstr_to_strchr
String ID: HTTP$The requested URL returned error: %d$The requested URL returned error: %s
API String ID: 601868998-4174864708
Opcode ID: 593968c6bad3a9a687e10f824304f65ed0d895415c0f119572ae2291c49d376f
Instruction ID: b899cb8aa6b442482ab99fc1b9e5b8781d915a4421ff5c9d1b77af5b60a4045f
Opcode Fuzzy Hash: 593968c6bad3a9a687e10f824304f65ed0d895415c0f119572ae2291c49d376f
Instruction Fuzzy Hash: 0401D62268135137DB1165A9BC02FCB7B888F867A1F0C4075FD8CAB243E656A65583F6

Function 00E80221 Relevance: 9.2, APIs: 6, Instructions: 216COMMONLIBRARYCODE

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,00E6B8BC,00E6B8BC,?,?,?,00E80472,00000001,00000001,30E85006), ref: 00E8027B
MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,00E80472,00000001,00000001,30E85006,?,?,?), ref: 00E80301
WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,30E85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 00E803FB
__freea.LIBCMT ref: 00E80408

Part of subcall function 00E76524: RtlAllocateHeap.NTDLL(00000000,00000003,00000000,?,00000003,00E80083), ref: 00E76556

__freea.LIBCMT ref: 00E80411
__freea.LIBCMT ref: 00E80436

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: ByteCharMultiWide__freea$AllocateHeap
String ID:
API String ID: 1414292761-0
Opcode ID: a1c1fabbd09b0bbb441ccfb964927f6e3c6306afe65869d786504285a9b87349
Instruction ID: eef422b54fdbf372ca9dd93cb0c012fa37af739368952725b7c6b7c6ecce2d76
Opcode Fuzzy Hash: a1c1fabbd09b0bbb441ccfb964927f6e3c6306afe65869d786504285a9b87349
Instruction Fuzzy Hash: C551007260020AAFDB64AF60CC81EBB37A9EB40718F155628FE1CF6181EB74DC488760

Function 00E75D56 Relevance: 9.2, APIs: 6, Instructions: 200COMMONLIBRARYCODE

Download Yara Rule

APIs

__cftoe.LIBCMT ref: 00E75D82
__cftoe.LIBCMT ref: 00E75DB4

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: __cftoe
String ID:
API String ID: 4189289331-0
Opcode ID: 3686f8cf2f1474b18b8b27a99aa8b637c87b6213084b7a00db7151b9f08b58f6
Instruction ID: 05f7d151e0663a69add610c25f62f7a82d42f8dd349731e34a7cbaa9d09215ae
Opcode Fuzzy Hash: 3686f8cf2f1474b18b8b27a99aa8b637c87b6213084b7a00db7151b9f08b58f6
Instruction Fuzzy Hash: 9F513B73904605ABDB249B688C45FBF77E8EF49324F20E21AF91DB6192DB71CE008664

Function 00D83190 Relevance: 9.1, APIs: 6, Instructions: 107COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00D831CD
std::_Lockit::_Lockit.LIBCPMT ref: 00D831ED
std::_Lockit::~_Lockit.LIBCPMT ref: 00D8320D
new.LIBCMT ref: 00D83256
std::_Facet_Register.LIBCPMT ref: 00D832B2
std::_Lockit::~_Lockit.LIBCPMT ref: 00D832BD

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Register
String ID:
API String ID: 459529453-0
Opcode ID: d817c5fda55ef57b1da2453fef5f5f9156094aaede660856d04e1dcf5b20f188
Instruction ID: 9e3e77f8f9ec00ef527c0053dbc65f415a9bdf4ad772bfc4a9c03a71a96a942a
Opcode Fuzzy Hash: d817c5fda55ef57b1da2453fef5f5f9156094aaede660856d04e1dcf5b20f188
Instruction Fuzzy Hash: C541AF71900298CFCB10EF95C881BAEB7F4EB44B14F14415DE80AAB252DB71AE49CBF1

Function 00DDB9D0 Relevance: 9.1, APIs: 6, Instructions: 104COMMON

Download Yara Rule

APIs

VerSetConditionMask.KERNEL32(00000000,00000000,00000002,00000004,?,?,00000000), ref: 00DDBAAB
VerSetConditionMask.KERNEL32(00000000,?,00000001,00000004), ref: 00DDBAB2
VerSetConditionMask.KERNEL32(00000000,?,00000020,00000005,?,00000001,00000004), ref: 00DDBABF
VerSetConditionMask.KERNEL32(00000000,?,00000010,00000005,?,00000020,00000005,?,00000001,00000004), ref: 00DDBAC6
VerSetConditionMask.KERNEL32(00000000,?,00000008,00000001,?,00000010,00000005,?,00000020,00000005,?,00000001,00000004), ref: 00DDBAD2
VerifyVersionInfoA.KERNEL32(0000009C,00000033,00000000), ref: 00DDBADF

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: ConditionMask$InfoVerifyVersion
String ID:
API String ID: 2793162063-0
Opcode ID: 49b38c471adb2d1ceb08ae6bf94c17cadad9a4d345be086d7b430455ccaf8751
Instruction ID: a9d66887cd9662475c874bc39204707de9630a5179835eb2997a1a89e68aa458
Opcode Fuzzy Hash: 49b38c471adb2d1ceb08ae6bf94c17cadad9a4d345be086d7b430455ccaf8751
Instruction Fuzzy Hash: 71317770B04358EEEF20CB64CC45FAF7BB8EB46714F4500DAA58D67381D6B59E548B22

Function 00D922D0 Relevance: 9.1, APIs: 6, Instructions: 52COMMON

Download Yara Rule

APIs

__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00D922EA
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00D922FE
__allrem.LIBCMT ref: 00D92309
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00D9231D
__allrem.LIBCMT ref: 00D92328
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00D9233D

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$__allrem
String ID:
API String ID: 632788072-0
Opcode ID: ec57bf6a0eb131a96af06d472c3d3006e996052973ab624af99d2562a55864f8
Instruction ID: 001a1068cb2143e8a2f7532f5c69ffa1aa5b0d6bef6d484c38e5c5c2a0ac2756
Opcode Fuzzy Hash: ec57bf6a0eb131a96af06d472c3d3006e996052973ab624af99d2562a55864f8
Instruction Fuzzy Hash: FB018D71640209BEEB115F54DC03F37BB59EF44720F208166BB146A1D6D761F92097F8

Function 00DF25CA Relevance: 9.1, APIs: 6, Instructions: 51COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00DF25D1
std::_Lockit::_Lockit.LIBCPMT ref: 00DF25DB

Part of subcall function 00D727E0: std::_Lockit::_Lockit.LIBCPMT ref: 00D727FD
Part of subcall function 00D727E0: std::_Lockit::~_Lockit.LIBCPMT ref: 00D72819

messages.LIBCPMT ref: 00DF2615
__CxxThrowException@8.LIBVCRUNTIME ref: 00DF2632
std::_Facet_Register.LIBCPMT ref: 00DF2651
std::_Lockit::~_Lockit.LIBCPMT ref: 00DF265A

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowmessages
String ID:
API String ID: 438560357-0
Opcode ID: 1b2b97455ca38fb8140625bcf8265e3076370249b2abe83e5cd66abae0c93966
Instruction ID: 2b5ba2cc4b2f83b0a4e1e67b7edb40ced1d6e41fc7db6c28c30bbaff7faa8a8f
Opcode Fuzzy Hash: 1b2b97455ca38fb8140625bcf8265e3076370249b2abe83e5cd66abae0c93966
Instruction Fuzzy Hash: 7C018E31D002589BCF05EBA4CD92ABDB375EF84320F254409F615BB291DF749E419BB2

Function 00DF252D Relevance: 9.1, APIs: 6, Instructions: 51COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00DF2534
std::_Lockit::_Lockit.LIBCPMT ref: 00DF253E

Part of subcall function 00D727E0: std::_Lockit::_Lockit.LIBCPMT ref: 00D727FD
Part of subcall function 00D727E0: std::_Lockit::~_Lockit.LIBCPMT ref: 00D72819

collate.LIBCPMT ref: 00DF2578
__CxxThrowException@8.LIBVCRUNTIME ref: 00DF2595
std::_Facet_Register.LIBCPMT ref: 00DF25B4
std::_Lockit::~_Lockit.LIBCPMT ref: 00DF25BD

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowcollate
String ID:
API String ID: 2363045490-0
Opcode ID: aa1d82e58b984ad3d43e318f4abd4cc890b3280e0d8bbb4fee6bc60ded93b445
Instruction ID: 695e60085eee432f0926795aa89737a42c7c84db762772c6f80e3687e6222f62
Opcode Fuzzy Hash: aa1d82e58b984ad3d43e318f4abd4cc890b3280e0d8bbb4fee6bc60ded93b445
Instruction Fuzzy Hash: 74018E32D0011C9BCF05EBA0DD62ABEB375EF44360F254409F6157B291DF349A018BB2

Function 00DF27A1 Relevance: 9.1, APIs: 6, Instructions: 51COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00DF27A8
std::_Lockit::_Lockit.LIBCPMT ref: 00DF27B2

Part of subcall function 00D727E0: std::_Lockit::_Lockit.LIBCPMT ref: 00D727FD
Part of subcall function 00D727E0: std::_Lockit::~_Lockit.LIBCPMT ref: 00D72819

moneypunct.LIBCPMT ref: 00DF27EC
__CxxThrowException@8.LIBVCRUNTIME ref: 00DF2809
std::_Facet_Register.LIBCPMT ref: 00DF2828
std::_Lockit::~_Lockit.LIBCPMT ref: 00DF2831

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowmoneypunct
String ID:
API String ID: 113178234-0
Opcode ID: 515c4372e20dc8d405704dd377555e71da626644782b5aac080ed513db3e92ac
Instruction ID: 3196fafef5ea6c5954b0060496c80b93ad8fe9e8a1521f77903a70d5f3c79322
Opcode Fuzzy Hash: 515c4372e20dc8d405704dd377555e71da626644782b5aac080ed513db3e92ac
Instruction Fuzzy Hash: 14017C3590021C9BCF05EBA0CD52ABEB375EF84360B254409F5157B291DF34AA458BB2

Function 00DF283E Relevance: 9.1, APIs: 6, Instructions: 51COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00DF2845
std::_Lockit::_Lockit.LIBCPMT ref: 00DF284F

Part of subcall function 00D727E0: std::_Lockit::_Lockit.LIBCPMT ref: 00D727FD
Part of subcall function 00D727E0: std::_Lockit::~_Lockit.LIBCPMT ref: 00D72819

moneypunct.LIBCPMT ref: 00DF2889
__CxxThrowException@8.LIBVCRUNTIME ref: 00DF28A6
std::_Facet_Register.LIBCPMT ref: 00DF28C5
std::_Lockit::~_Lockit.LIBCPMT ref: 00DF28CE

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowmoneypunct
String ID:
API String ID: 113178234-0
Opcode ID: 4177359053224a42f9b7b010f0657f8bd7aac19c66da418d6789161ea485ae3f
Instruction ID: 0c0a726852a7f63d3d600d92ef0bb946b32b2e83c26782dd522708a7e9792d09
Opcode Fuzzy Hash: 4177359053224a42f9b7b010f0657f8bd7aac19c66da418d6789161ea485ae3f
Instruction Fuzzy Hash: 36018E31D001199BCF05EBA0CD62ABDB365EF84360F258409F5157B291DF749A018BB2

Function 00E80000 Relevance: 9.0, APIs: 6, Instructions: 50COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,00E74C15,00EDD438,00000010), ref: 00E80004
_free.LIBCMT ref: 00E80037
_free.LIBCMT ref: 00E8005F
SetLastError.KERNEL32(00000000), ref: 00E8006C
SetLastError.KERNEL32(00000000), ref: 00E80078
_abort.LIBCMT ref: 00E8007E

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: ErrorLast$_free$_abort
String ID:
API String ID: 3160817290-0
Opcode ID: dda694efcd15f4b13c774646a87958e4edb526fa410da7bff2fc0a9423c8d4ff
Instruction ID: f5efece983e6a3b4c36598c9bbc919152d07cc13c7cb44535c11177f4dd78ca5
Opcode Fuzzy Hash: dda694efcd15f4b13c774646a87958e4edb526fa410da7bff2fc0a9423c8d4ff
Instruction Fuzzy Hash: F6F0C8326057406AC6B7337A6C45B6B26A99FC27B5F216824F52CB21A3EF618C499320

Function 00E13820 Relevance: 9.0, APIs: 3, Strings: 2, Instructions: 215COMMON

Download Yara Rule

APIs

new.LIBCMT ref: 00E13822

Strings

list<T> too long, xrefs: 00E13A17
deque<T> too long, xrefs: 00E13989

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID:
String ID: deque<T> too long$list<T> too long
API String ID: 0-27806271
Opcode ID: cd21b29496c39733ec34ec1bd0d85f427ccfae17cca2bff811bde9dded722446
Instruction ID: 29abeb1d81bf4bdf6c0819bc04a299bd2f6e7ce0c1cdb4cd6f36f0c26ab37238
Opcode Fuzzy Hash: cd21b29496c39733ec34ec1bd0d85f427ccfae17cca2bff811bde9dded722446
Instruction Fuzzy Hash: A5517D75604205AFC704DF28C984E9AB7E9EFC8704F14892DF8499B355DA70ED45CBA1

Function 00DBA960 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 168COMMON

Download Yara Rule

APIs

___from_strstr_to_strchr.LIBCMT ref: 00DBAA6A

Strings

%25, xrefs: 00DBA9E9
Invalid IPv6 address format, xrefs: 00DBAA57
Please URL encode %% as %%25, see RFC 6874., xrefs: 00DBA9FA
No valid port number in connect to host string (%s), xrefs: 00DBAAAE

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: ___from_strstr_to_strchr
String ID: %25$Invalid IPv6 address format$No valid port number in connect to host string (%s)$Please URL encode %% as %%25, see RFC 6874.
API String ID: 601868998-2404041592
Opcode ID: a2193761b770723c41a2bf0f7a9c54ef6345a6a00108049356503ffbff5bd498
Instruction ID: 15598c00e769dcfbf4e739506ebea64fe82b9c8e3fac55f5e2b694327eff3c3c
Opcode Fuzzy Hash: a2193761b770723c41a2bf0f7a9c54ef6345a6a00108049356503ffbff5bd498
Instruction Fuzzy Hash: E55122B0900285ABDF318F2DAC417EA7BD99F12310F1C0066FCCA96282E635DA55D7B3

Function 00DC41B0 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 162COMMON

Download Yara Rule

Strings

%x%s, xrefs: 00DC430A
read function returned funny value, xrefs: 00DC42AD
Read callback asked for PAUSE when not supported!, xrefs: 00DC424F
operation aborted by callback, xrefs: 00DC420B

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: ___swprintf_l
String ID: %x%s$Read callback asked for PAUSE when not supported!$operation aborted by callback$read function returned funny value
API String ID: 48624451-1291304620
Opcode ID: e5ece5a9302bc9ba5bbf9bbbb4c2363566d61b12ba7f912699d3e2e3d1d6dc67
Instruction ID: cb6d7a029b95e7c79b5678401769afe95571d9c7bd3965a205e0f40fe39dde4b
Opcode Fuzzy Hash: e5ece5a9302bc9ba5bbf9bbbb4c2363566d61b12ba7f912699d3e2e3d1d6dc67
Instruction Fuzzy Hash: 7C514731B003099FCB20DF68D852BEEB7E4EF8A310F0401ADE949A7281DB756D448BB0

Function 00D836B0 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 143COMMON

Download Yara Rule

APIs

__Getcvt.LIBCPMT ref: 00D836F1
__Getcvt.LIBCPMT ref: 00D83748
Concurrency::cancel_current_task.LIBCPMT ref: 00D83770

Strings

true, xrefs: 00D837AD
false, xrefs: 00D83797

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: Getcvt$Concurrency::cancel_current_task
String ID: false$true
API String ID: 1267538876-2658103896
Opcode ID: ee5d654d25c5341ae0f48be93dbbfdc041aba1ee7e9f96e972d2ac4c4d1fedb5
Instruction ID: 4afedf853864f667e19fe735230e33b11f2d3cf6e9a035d9480e37ecf4a43514
Opcode Fuzzy Hash: ee5d654d25c5341ae0f48be93dbbfdc041aba1ee7e9f96e972d2ac4c4d1fedb5
Instruction Fuzzy Hash: 3C51B4B1D002489EDB00DFA5C841BFEB7B8FF49704F14826AE945AB241E775AA45CBB0

Function 00DA65D0 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 111COMMON

Download Yara Rule

APIs

___std_type_info_name.LIBVCRUNTIME ref: 00DA66C6

Strings

A), xrefs: 00DA6658
void __thiscall boost::property_tree::basic_ptree<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,struct std::less<class std::basic_, xrefs: 00DA670C
" to data failed, xrefs: 00DA66DC
conversion of type ", xrefs: 00DA669C

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: ___std_type_info_name
String ID: " to data failed$A)$conversion of type "$void __thiscall boost::property_tree::basic_ptree<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,struct std::less<class std::basic_
API String ID: 1734802720-3788307697
Opcode ID: f4afc374b84f7ee78df8327204992fe97597ff9ccb244f16e5ae51b6fcd49444
Instruction ID: b3a9fcd11d0eef9c17c2d0142608c94d518f2fec72173ba710909e62e23905d3
Opcode Fuzzy Hash: f4afc374b84f7ee78df8327204992fe97597ff9ccb244f16e5ae51b6fcd49444
Instruction Fuzzy Hash: 8041A271904248EEDB15DBA4CC45BEEBBB8EB15304F188159F411BB2C2EB75AA08C7B1

Function 00DA6720 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 111COMMON

Download Yara Rule

APIs

___std_type_info_name.LIBVCRUNTIME ref: 00DA6816

Strings

A), xrefs: 00DA67A8
void __thiscall boost::property_tree::basic_ptree<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,struct std::less<class std::basic_, xrefs: 00DA685C
" to data failed, xrefs: 00DA682C
conversion of type ", xrefs: 00DA67EC

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: ___std_type_info_name
String ID: " to data failed$A)$conversion of type "$void __thiscall boost::property_tree::basic_ptree<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,struct std::less<class std::basic_
API String ID: 1734802720-3788307697
Opcode ID: 891e997c8d605415666c289eaf59ba865657b24c1728bc92b270e2252c61ad26
Instruction ID: 094264137bfe8350de6bd0ec5951703e9df4854722faa05d7c19d45fb842f32e
Opcode Fuzzy Hash: 891e997c8d605415666c289eaf59ba865657b24c1728bc92b270e2252c61ad26
Instruction Fuzzy Hash: 6141D071904248EEDB05DBA4C845BEFBBB9EB11304F148158F411BB6C2EB75AA08CBB1

Function 00DA6390 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 109COMMON

Download Yara Rule

APIs

___std_type_info_name.LIBVCRUNTIME ref: 00DA6488

Strings

A), xrefs: 00DA641A
" to data failed, xrefs: 00DA649E
conversion of type ", xrefs: 00DA645E
void __thiscall boost::property_tree::basic_ptree<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,struct std::less<class std::basic_, xrefs: 00DA64CE

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: ___std_type_info_name
String ID: " to data failed$A)$conversion of type "$void __thiscall boost::property_tree::basic_ptree<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,struct std::less<class std::basic_
API String ID: 1734802720-3788307697
Opcode ID: dc461a810472408d6bc58a0a923e08dd0903dc13fcb6a72de4833df3a864a60b
Instruction ID: bc340bd357bcccc5cde42c77ac8ff0e2c7ca915490814330b620bc3e1f297fb5
Opcode Fuzzy Hash: dc461a810472408d6bc58a0a923e08dd0903dc13fcb6a72de4833df3a864a60b
Instruction Fuzzy Hash: B841B17190424CEFDB15DBA4C845BEEBBB8EB15304F148159F415BB2C2EBB55A08CBB1

Function 00DA0DD0 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 108COMMON

Download Yara Rule

APIs

Part of subcall function 00DA0BC0: ___std_exception_copy.LIBVCRUNTIME ref: 00DA0C03

__CxxThrowException@8.LIBVCRUNTIME ref: 00DA0E5E

Part of subcall function 00E61273: KiUserExceptionDispatcher.NTDLL(?,?,?,00DFBF47,?,?,?,?,?,?,?,?,00DFBF47,?,00ED0200), ref: 00E612D2

new.LIBCMT ref: 00DA0EA2

Strings

(, xrefs: 00DA0E2E
0, xrefs: 00DA0E24
0, xrefs: 00DA0EF6

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: DispatcherExceptionException@8ThrowUser___std_exception_copy
String ID: ($0$0
API String ID: 2739578831-1495436935
Opcode ID: 0a7a23697a8e66be2f127c562cdb0d133e100fdda7c05aea85b4477e6f64feab
Instruction ID: 480ae15fc51120f43d84f02a39dfa6f0c7091f4009d324e4a5cd87637313bebf
Opcode Fuzzy Hash: 0a7a23697a8e66be2f127c562cdb0d133e100fdda7c05aea85b4477e6f64feab
Instruction Fuzzy Hash: 924171B5900609EFCB00CF98D845B9EFBF4FB49314F108659E814AB791D7B4A904CBE0

Function 00DF97F0 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 102libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(KERNEL32.DLL,GetTickCount64,00000000,2C690420,74DEDF60,00E948B4), ref: 00DF9830
GetProcAddress.KERNEL32(00000000), ref: 00DF9837

Strings

GetTickCount64, xrefs: 00DF9826
KERNEL32.DLL, xrefs: 00DF982B

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: GetTickCount64$KERNEL32.DLL
API String ID: 1646373207-3320051239
Opcode ID: 7f122bff54d8b487f2181832adacad0d135f5e6c7a620550c0cb1037b529094e
Instruction ID: 983486f781d9f3f2d9ea5313125132cbc62387f27b51d63b109f69d319b1307e
Opcode Fuzzy Hash: 7f122bff54d8b487f2181832adacad0d135f5e6c7a620550c0cb1037b529094e
Instruction Fuzzy Hash: 7231C831E043059FD714DB28CC50B7AB7D1EB96350F1ACA1DF2A6872A1D770D84887A1

Function 00D9D820 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 94threadCOMMON

Download Yara Rule

APIs

___std_exception_copy.LIBVCRUNTIME ref: 00D9D87C

Part of subcall function 00D9F1D0: __CxxThrowException@8.LIBVCRUNTIME ref: 00D9F224

Part of subcall function 00D85930: CloseHandle.KERNEL32(00000000,2C690420), ref: 00D85985
Part of subcall function 00D85930: WaitForSingleObjectEx.KERNEL32(?,000000FF,00000000,2C690420,?,?,?,2C690420,?,00DF943D,2C690420), ref: 00D85997

___std_exception_copy.LIBVCRUNTIME ref: 00D9D8E7
GetCurrentThreadId.KERNEL32 ref: 00D9D922

Part of subcall function 00DFAD40: __Init_thread_footer.LIBCMT ref: 00DFADA3

Strings

$, xrefs: 00D9D8EF
boost unique_lock owns already the mutex, xrefs: 00D9D8CF, 00D9D8E1

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: ___std_exception_copy$CloseCurrentException@8HandleInit_thread_footerObjectSingleThreadThrowWait
String ID: $$boost unique_lock owns already the mutex
API String ID: 169746467-1517442662
Opcode ID: 758175cea451491ce55a556692f4bb2179dd59ca2c8e8b313fb2e6dcd8cedd7c
Instruction ID: bbfe75b9332a0d0fab629bc62dc18d7c1cbe8c062fe15956015eb8c6e5485232
Opcode Fuzzy Hash: 758175cea451491ce55a556692f4bb2179dd59ca2c8e8b313fb2e6dcd8cedd7c
Instruction Fuzzy Hash: A84129B1D00348DADF20DFA4C8457DEBBF8EF09714F244229E815BB641D7B56988CBA0

Function 00DBEEE0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 77networkCOMMON

Download Yara Rule

APIs

setsockopt.WS2_32(?,0000FFFF,00000008,?,00000004), ref: 00DBEF14
WSAIoctl.WS2_32(?,98000004,00000001,0000000C,00000000,00000000,?,00000000,00000000), ref: 00DBEF8D
WSAGetLastError.WS2_32 ref: 00DBEF97

Strings

Failed to set SIO_KEEPALIVE_VALS on fd %d: %d, xrefs: 00DBEF9F
Failed to set SO_KEEPALIVE on fd %d, xrefs: 00DBEF1F

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: ErrorIoctlLastsetsockopt
String ID: Failed to set SIO_KEEPALIVE_VALS on fd %d: %d$Failed to set SO_KEEPALIVE on fd %d
API String ID: 1819429192-277924715
Opcode ID: f4bac12fa9505114d32c53f9c8c76bf819b7d1c3b5777e359b9dc2f691886081
Instruction ID: 1eabe7c04238e2cb62334825501db94f8fc9022c49055ee8781c729229498b41
Opcode Fuzzy Hash: f4bac12fa9505114d32c53f9c8c76bf819b7d1c3b5777e359b9dc2f691886081
Instruction Fuzzy Hash: 67216071A40209AFDB00DF659C46FFEB7B8EF45701F10406AF905FA1D1EA746A0487B1

Function 00DBD260 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 70COMMON

Download Yara Rule

APIs

___swprintf_l.LIBCMT ref: 00DBD2D7

Strings

Data, xrefs: 00DBD29C
from, xrefs: 00DBD2B2, 00DBD2C4
Header, xrefs: 00DBD2AD, 00DBD2B9, 00DBD2C5
[%s %s %s], xrefs: 00DBD2C6

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: ___swprintf_l
String ID: Data$Header$[%s %s %s]$from
API String ID: 48624451-3178933089
Opcode ID: fe9e567196f8c7c92dba3e49d898829e079c934cd0dfb0db2d87b889cfc088f5
Instruction ID: 9d875900becf13bffcade5d9b46851681c04ee378456a60723eb1740e6f91a76
Opcode Fuzzy Hash: fe9e567196f8c7c92dba3e49d898829e079c934cd0dfb0db2d87b889cfc088f5
Instruction Fuzzy Hash: B7119635A04308EBDB18DE55CC41FFA7369DF86340F4845A9F946AB242E671AE0587B2

Function 00D725B0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 70COMMONLIBRARYCODE

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00D725E7
___std_exception_copy.LIBVCRUNTIME ref: 00D72653
__CxxThrowException@8.LIBVCRUNTIME ref: 00D7266B

Part of subcall function 00E61273: KiUserExceptionDispatcher.NTDLL(?,?,?,00DFBF47,?,?,?,?,?,?,?,?,00DFBF47,?,00ED0200), ref: 00E612D2

std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00D72672

Strings

bad locale name, xrefs: 00D7263F

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: std::_$DispatcherExceptionException@8Locinfo::_Locinfo_ctorLockitLockit::_ThrowUser___std_exception_copy
String ID: bad locale name
API String ID: 2355598456-1405518554
Opcode ID: c26831780f6ba8f5b89e901abfccb84f7445373708b74e618b9d25b1c8db86fa
Instruction ID: 36b1e7b4d7a76ad0b8cae347bc69cca7d97c7d707ddc019c39acbcd9fb682949
Opcode Fuzzy Hash: c26831780f6ba8f5b89e901abfccb84f7445373708b74e618b9d25b1c8db86fa
Instruction Fuzzy Hash: ED219CB18047889ECB20DFA9C905B9FBBF8EF19710F00461EE449B7741E775A608CBA5

Function 00E756F5 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 51COMMON

Download Yara Rule

APIs

_wcsrchr.LIBVCRUNTIME ref: 00E7570A

Strings

.com, xrefs: 00E7574A
.bat, xrefs: 00E75739
.exe, xrefs: 00E75717
.cmd, xrefs: 00E75728

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: _wcsrchr
String ID: .bat$.cmd$.com$.exe
API String ID: 1752292252-4019086052
Opcode ID: 593b6e8f4c64f1249a32b676dab43ee078b79e28e24a450727b1f024092dfbbd
Instruction ID: dbc726d45d80973b19253b16f679622ebce5f3b817251c55eb3f26771443692f
Opcode Fuzzy Hash: 593b6e8f4c64f1249a32b676dab43ee078b79e28e24a450727b1f024092dfbbd
Instruction Fuzzy Hash: DDF0907724DF2BA56A193424AC13AFB23C8CF42B74B247057F50C7A4D2DF91E94292A8

Function 00E79786 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 38libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00E79737,00000003,?,00E796D7,00000003,00EDD518,0000000C,00E7982E,00000003,00000002), ref: 00E797A6
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00E797B9
FreeLibrary.KERNEL32(00000000,?,?,?,00E79737,00000003,?,00E796D7,00000003,00EDD518,0000000C,00E7982E,00000003,00000002,00000000), ref: 00E797DC

Strings

mscoree.dll, xrefs: 00E7979F
CorExitProcess, xrefs: 00E797B1

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: 1e79dcbd3ea0785981a39169ecb4c7017c364c9ea166776f9b3279d19bc992dd
Instruction ID: eeecb8ed039c642facc311ee7ed09718c6d5005ade3b0eff943a0da6bad768ae
Opcode Fuzzy Hash: 1e79dcbd3ea0785981a39169ecb4c7017c364c9ea166776f9b3279d19bc992dd
Instruction Fuzzy Hash: E2F0C230A00208BFCB089FA1DC49BEEBFB8EF09715F408069F909B2190DB705E85CB90

Function 00E60631 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 33COMMON

Download Yara Rule

APIs

std::__non_rtti_object::__construct_from_string_literal.LIBVCRUNTIME ref: 00E6064D
__CxxThrowException@8.LIBVCRUNTIME ref: 00E6065D

Part of subcall function 00E61273: KiUserExceptionDispatcher.NTDLL(?,?,?,00DFBF47,?,?,?,?,?,?,?,?,00DFBF47,?,00ED0200), ref: 00E612D2

std::__non_rtti_object::__construct_from_string_literal.LIBVCRUNTIME ref: 00E60688

Strings

Bad read pointer - no RTTI data!, xrefs: 00E6067F
Attempted a typeid of nullptr pointer!, xrefs: 00E60644

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: std::__non_rtti_object::__construct_from_string_literal$DispatcherExceptionException@8ThrowUser
String ID: Attempted a typeid of nullptr pointer!$Bad read pointer - no RTTI data!
API String ID: 2590406442-4195314292
Opcode ID: b9b97274193b5f0933356fb40643412379838f73dc4d127cefb0e4595d060487
Instruction ID: 1b263dadcb31b6b2a8c62ef90d722b94c1737a131084c83c8b5ef198b9611697
Opcode Fuzzy Hash: b9b97274193b5f0933356fb40643412379838f73dc4d127cefb0e4595d060487
Instruction Fuzzy Hash: 27F09A71684308AEDB00EBE4E946E9F73E8EB04750B20A086F500BB291EB70EE019620

Function 00E847B2 Relevance: 7.7, APIs: 5, Instructions: 222COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: db58674bf05f163b85e0f6f2e0ffe66223b8a5cc9611137cbdd5fa756d6b6881
Instruction ID: a0e58b528b4a9b174e2f3cbf1a19524430b3299aaa2c57d637fe8daca1354d1d
Opcode Fuzzy Hash: db58674bf05f163b85e0f6f2e0ffe66223b8a5cc9611137cbdd5fa756d6b6881
Instruction Fuzzy Hash: 6A71CCB19002579FCB36AB95C884ABFBBB8EF81354F14666AE41D7B1C0E7708D41C7A0

Function 00E0E880 Relevance: 7.7, APIs: 5, Instructions: 195COMMON

Download Yara Rule

APIs

__CxxThrowException@8.LIBVCRUNTIME ref: 00E0E8CE

Part of subcall function 00E61273: KiUserExceptionDispatcher.NTDLL(?,?,?,00DFBF47,?,?,?,?,?,?,?,?,00DFBF47,?,00ED0200), ref: 00E612D2

Part of subcall function 00E0C770: ___std_exception_copy.LIBVCRUNTIME ref: 00E0C797

__CxxThrowException@8.LIBVCRUNTIME ref: 00E0E92E

Part of subcall function 00E0C7E0: ___std_exception_copy.LIBVCRUNTIME ref: 00E0C807

__CxxThrowException@8.LIBVCRUNTIME ref: 00E0E98E

Part of subcall function 00E0C850: ___std_exception_copy.LIBVCRUNTIME ref: 00E0C877

__CxxThrowException@8.LIBVCRUNTIME ref: 00E0E9EE

Part of subcall function 00E0C8E0: ___std_exception_copy.LIBVCRUNTIME ref: 00E0C907

__CxxThrowException@8.LIBVCRUNTIME ref: 00E0EA4E

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: Exception@8Throw$___std_exception_copy$DispatcherExceptionUser
String ID:
API String ID: 2581116207-0
Opcode ID: 17e126bb3a46b4d49248bdfa94ce4beafabbf26a6a27a9536c7287763e287a3e
Instruction ID: db6250a0eb4b99c0d4012090761439a5b6bff91b7fa103cc7dc4bcfd3703eda5
Opcode Fuzzy Hash: 17e126bb3a46b4d49248bdfa94ce4beafabbf26a6a27a9536c7287763e287a3e
Instruction Fuzzy Hash: 69412CB190024CBBCF01EBE4CC45F8EBBBCEB04754F544A22F910F7691E775A2488A64

Function 00E7A1A4 Relevance: 7.6, APIs: 5, Instructions: 129COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 00E7A216
_free.LIBCMT ref: 00E7A236

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: e9891b0f885ba2527191f140d27810bea6eb0f4f05dbd404ac26e3eed5b759c8
Instruction ID: eb1911cf48f24c6d3cfff88fd4a04a1003b16044ef14c3dcaf3cfb59e2da9ad2
Opcode Fuzzy Hash: e9891b0f885ba2527191f140d27810bea6eb0f4f05dbd404ac26e3eed5b759c8
Instruction Fuzzy Hash: 7541D272A00204DFCB24DFB8C881A5DB7E5EF88714F158569E919FB392D731AD02CB81

Function 00E08F30 Relevance: 7.6, APIs: 5, Instructions: 89COMMON

Download Yara Rule

APIs

new.LIBCMT ref: 00E08F54

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ef4f6fca64fbf271f86fbd6406400777bb39174956d09e228a1710cad48ac567
Instruction ID: 87a579e7996ad782bae5dfb32abb831a2b623d2499b4ea0756881badc09b789d
Opcode Fuzzy Hash: ef4f6fca64fbf271f86fbd6406400777bb39174956d09e228a1710cad48ac567
Instruction Fuzzy Hash: 2E21687160020A9BDB14AB74D941B6EB399EF50364F10862EF85AE72C3EF35DD8187B1

Function 00E80084 Relevance: 7.6, APIs: 5, Instructions: 53COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,00E6DA2C,00E75FA2,?,00E8002E,00000001,00000364,?,00E74C15,00EDD438,00000010), ref: 00E80089
_free.LIBCMT ref: 00E800BE
_free.LIBCMT ref: 00E800E5
SetLastError.KERNEL32(00000000), ref: 00E800F2
SetLastError.KERNEL32(00000000), ref: 00E800FB

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: ErrorLast$_free
String ID:
API String ID: 3170660625-0
Opcode ID: 5b3a960aa3e114e40642908f75bebeccc8dce65fc652a88a57364a8fc1cca418
Instruction ID: da5061f336c7cc06fdd8e9762b05ca84ef0e1d3de1a2db915ab7f60735b5ad34
Opcode Fuzzy Hash: 5b3a960aa3e114e40642908f75bebeccc8dce65fc652a88a57364a8fc1cca418
Instruction Fuzzy Hash: D401F9766457402E966276765CC5B6B11ADDBC2375B203424F41DB21A3EFA0880D5370

Function 00DF2667 Relevance: 7.6, APIs: 5, Instructions: 51COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00DF266E
std::_Lockit::_Lockit.LIBCPMT ref: 00DF2678

Part of subcall function 00D727E0: std::_Lockit::_Lockit.LIBCPMT ref: 00D727FD
Part of subcall function 00D727E0: std::_Lockit::~_Lockit.LIBCPMT ref: 00D72819

__CxxThrowException@8.LIBVCRUNTIME ref: 00DF26CF
std::_Facet_Register.LIBCPMT ref: 00DF26EE
std::_Lockit::~_Lockit.LIBCPMT ref: 00DF26F7

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: fe7285e96a514a44bc0dedb43363448dc90d3f06fd7b8144f131666fca1e820e
Instruction ID: b93232baddcca1f06faa254dc2015e1c56bcd4b881118fabd8ad0e4178de05d1
Opcode Fuzzy Hash: fe7285e96a514a44bc0dedb43363448dc90d3f06fd7b8144f131666fca1e820e
Instruction Fuzzy Hash: B101CE31D0015C8BCF05EBA0CD92ABEB335EF84320F268409F615BB291DF349A019BB2

Function 00DF2704 Relevance: 7.6, APIs: 5, Instructions: 51COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00DF270B
std::_Lockit::_Lockit.LIBCPMT ref: 00DF2715

Part of subcall function 00D727E0: std::_Lockit::_Lockit.LIBCPMT ref: 00D727FD
Part of subcall function 00D727E0: std::_Lockit::~_Lockit.LIBCPMT ref: 00D72819

__CxxThrowException@8.LIBVCRUNTIME ref: 00DF276C
std::_Facet_Register.LIBCPMT ref: 00DF278B
std::_Lockit::~_Lockit.LIBCPMT ref: 00DF2794

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: cd4b9270732806c2434de5260b8a3fc7228138c457686d18bf033576ee3bea81
Instruction ID: 797343e76f381af26177d7c3f3026b567d4a31767fecb31f9f6ca2535cc55932
Opcode Fuzzy Hash: cd4b9270732806c2434de5260b8a3fc7228138c457686d18bf033576ee3bea81
Instruction Fuzzy Hash: 93015B3590021C9BCF05FBA0CD52ABEB365EF84360F26440AF6157B291DF749A05DBB2

Function 00DF28DB Relevance: 7.6, APIs: 5, Instructions: 51COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00DF28E2
std::_Lockit::_Lockit.LIBCPMT ref: 00DF28EC

Part of subcall function 00D727E0: std::_Lockit::_Lockit.LIBCPMT ref: 00D727FD
Part of subcall function 00D727E0: std::_Lockit::~_Lockit.LIBCPMT ref: 00D72819

__CxxThrowException@8.LIBVCRUNTIME ref: 00DF2943
std::_Facet_Register.LIBCPMT ref: 00DF2962
std::_Lockit::~_Lockit.LIBCPMT ref: 00DF296B

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: 4dccb571674adae6e294639e22de2c64c3b754f9c6fbd424985f5118b83c87c0
Instruction ID: 0e6906f4fd7b216f7e4b507e92432230803298bae5891ef59cde509325e598a1
Opcode Fuzzy Hash: 4dccb571674adae6e294639e22de2c64c3b754f9c6fbd424985f5118b83c87c0
Instruction Fuzzy Hash: E3017C319002189BCF05EBA0CC52ABEB765EB84320F258409F6157B291DF749A058BB2

Function 00E87DE9 Relevance: 7.5, APIs: 5, Instructions: 40COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 00E87E01

Part of subcall function 00E772F5: RtlFreeHeap.NTDLL(00000000,00000000,?,00E8809C,?,00000000,?,00000000,?,00E88340,?,00000007,?,?,00E88729,?), ref: 00E7730B
Part of subcall function 00E772F5: GetLastError.KERNEL32(?,?,00E8809C,?,00000000,?,00000000,?,00E88340,?,00000007,?,?,00E88729,?,?), ref: 00E7731D

_free.LIBCMT ref: 00E87E13
_free.LIBCMT ref: 00E87E25
_free.LIBCMT ref: 00E87E37
_free.LIBCMT ref: 00E87E49

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: b9b5268ebd0a47b48c2c1cadd135b3fdc5339ac07ccbfaac0a7bfa3de2365eca
Instruction ID: cf20b527db4883faabecfbafb0ddde84557b6a9777f70c8d903bbcf9e3a724aa
Opcode Fuzzy Hash: b9b5268ebd0a47b48c2c1cadd135b3fdc5339ac07ccbfaac0a7bfa3de2365eca
Instruction Fuzzy Hash: 89F0FF72508684AB8660FB6AE4C2D2677E9EB45714768684AF0DCFB911CB70FDC08B64

Function 00D7E350 Relevance: 7.4, APIs: 2, Strings: 2, Instructions: 406COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 00D7E76D
std::_Xinvalid_argument.LIBCPMT ref: 00D7E777

Strings

string too long, xrefs: 00D7E768, 00D7E772
invalid string position, xrefs: 00D7E754, 00D7E75E

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: Xinvalid_argumentstd::_
String ID: invalid string position$string too long
API String ID: 909987262-4289949731
Opcode ID: 881709f589ab1ec809fd892e789ec1297eb74049f13a317a95b42c6738134a84
Instruction ID: ab202f85071499bc6a7034e8b69916e14fe409721690c10a26badef961141068
Opcode Fuzzy Hash: 881709f589ab1ec809fd892e789ec1297eb74049f13a317a95b42c6738134a84
Instruction Fuzzy Hash: A6E12D7060020ADBCB24CF58D5C099EB7FAFF8C74976089A9E859CB215E730E955CBB1

Function 00D89630 Relevance: 7.4, APIs: 2, Strings: 2, Instructions: 391COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 00D899F7
std::_Xinvalid_argument.LIBCPMT ref: 00D89A01

Strings

string too long, xrefs: 00D899F2, 00D899FC
invalid string position, xrefs: 00D899DE, 00D899E8

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: Xinvalid_argumentstd::_
String ID: invalid string position$string too long
API String ID: 909987262-4289949731
Opcode ID: aab3b39f517b7e5841b0cad806fdae9afe5bd0872df795ead3a6cc7f1feef45a
Instruction ID: a8f617b4a7a701d2f8d802c0f1ca1cb810debe7a45d787ededd7252cd2684b41
Opcode Fuzzy Hash: aab3b39f517b7e5841b0cad806fdae9afe5bd0872df795ead3a6cc7f1feef45a
Instruction Fuzzy Hash: F1D13E71700205DBDB28EF0CC8A196AB7F6EF85700B68492DE8D69B741D730E991CBB0

Function 00E78351 Relevance: 7.4, APIs: 2, Strings: 2, Instructions: 389COMMONLIBRARYCODE

Download Yara Rule

APIs

__freea.LIBCMT ref: 00E78503
__freea.LIBCMT ref: 00E78521

Part of subcall function 00DE5508: _free.LIBCMT ref: 00DE551E

Strings

am/pm, xrefs: 00E78584
a/p, xrefs: 00E785E8

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: __freea$_free
String ID: a/p$am/pm
API String ID: 3432400110-3206640213
Opcode ID: b735ad600182b6f2564239b54b7dd659e4c7234415e3eed996e57fe73b9e2669
Instruction ID: 80fae3f2d159fb813eb12e7de85ef6f79e431074c62e27b0809c0a6cad09d384
Opcode Fuzzy Hash: b735ad600182b6f2564239b54b7dd659e4c7234415e3eed996e57fe73b9e2669
Instruction Fuzzy Hash: 21D1F631980206DACB289F68C68D6FAB7B1FF25714F24E15AE54EFB250DB359D40CB60

Function 00E51650 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 325COMMON

Download Yara Rule

APIs

__Init_thread_footer.LIBCMT ref: 00E51721
new.LIBCMT ref: 00E5183E
std::_Xinvalid_argument.LIBCPMT ref: 00E518E2

Part of subcall function 00E4E0C0: new.LIBCMT ref: 00E4E0C2

Part of subcall function 00E4E030: new.LIBCMT ref: 00E4E032

Part of subcall function 00DFB0AE: __onexit.LIBCMT ref: 00DFB0B4

Strings

list<T> too long, xrefs: 00E518DD

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: Init_thread_footerXinvalid_argument__onexitstd::_
String ID: list<T> too long
API String ID: 3927684510-4027344264
Opcode ID: d3c92b6592532c527067df2048764116f458f5089e63a3710a97a03168cb8873
Instruction ID: d1ed39ff52a6480ca9bd7113f81927748142bd3a8eaa133e17237c1447d619db
Opcode Fuzzy Hash: d3c92b6592532c527067df2048764116f458f5089e63a3710a97a03168cb8873
Instruction Fuzzy Hash: 0AD1ABB4A00248DFCB14CF58E881BADB7F5FB48315F188569E815BB392D771AD08CB90

Function 00D891D0 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 230COMMON

Download Yara Rule

Strings

string too long, xrefs: 00D893A7, 00D893B1
invalid string position, xrefs: 00D8939D

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID:
String ID: invalid string position$string too long
API String ID: 0-4289949731
Opcode ID: 0bb5c3f805b41bd67cb288a41071da86cee039d48a51fc460f9114f26caa8696
Instruction ID: 01c1e2137027d1ed8cdd8ae5d577d427684925cfc98b0f83a38e22e71d650256
Opcode Fuzzy Hash: 0bb5c3f805b41bd67cb288a41071da86cee039d48a51fc460f9114f26caa8696
Instruction Fuzzy Hash: 4F71F431700205ABCB24EE5CD8A1A7EF7E6EF85710B288929F8D597381D771DD508BB4

Function 00D7DF00 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 181COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 00D7E0A3
std::_Xinvalid_argument.LIBCPMT ref: 00D7E0AD

Strings

string too long, xrefs: 00D7E09E, 00D7E0A8
invalid string position, xrefs: 00D7E08A, 00D7E094

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: Xinvalid_argumentstd::_
String ID: invalid string position$string too long
API String ID: 909987262-4289949731
Opcode ID: 04a58f48677cb79e3a2b4051f491cba9a71f89ce37babc9d90f4db23efae390d
Instruction ID: 59df113a844a81bf583392669c6d71229ad58da01e4b6e7656170fcf8f53193a
Opcode Fuzzy Hash: 04a58f48677cb79e3a2b4051f491cba9a71f89ce37babc9d90f4db23efae390d
Instruction Fuzzy Hash: 31516D7120020A9F8B24DF5CD88086AB3FAFF88745760896EF44AC7251EB71E9558BB1

Function 00DAA780 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 172COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 00DAA902
std::_Xinvalid_argument.LIBCPMT ref: 00DAA90C

Strings

string too long, xrefs: 00DAA8FD, 00DAA907
invalid string position, xrefs: 00DAA8E9, 00DAA8F3

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: Xinvalid_argumentstd::_
String ID: invalid string position$string too long
API String ID: 909987262-4289949731
Opcode ID: ad20a4e73819941b8d3b76468eec9cc7d7cdc140fe324d65108bb493513db1a6
Instruction ID: e6e3f22db165572fa5e0d551c79717d18bcea3234e6e63ebd071fcc11b71cecd
Opcode Fuzzy Hash: ad20a4e73819941b8d3b76468eec9cc7d7cdc140fe324d65108bb493513db1a6
Instruction Fuzzy Hash: 3A51A4317002059FDB24DF6CD88096AB7E5EF96740B244A2EF452CB291D775DD41CBB2

Function 00E4F1B0 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 153COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 00E4F20A
std::_Xinvalid_argument.LIBCPMT ref: 00E4F2A0

Part of subcall function 00DE2308: std::invalid_argument::invalid_argument.LIBCONCRT ref: 00DE2314
Part of subcall function 00DE2308: __CxxThrowException@8.LIBVCRUNTIME ref: 00DE2322

std::_Xinvalid_argument.LIBCPMT ref: 00E4F30A

Strings

vector<T> too long, xrefs: 00E4F205, 00E4F29B, 00E4F305

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: Xinvalid_argumentstd::_$Exception@8Throwstd::invalid_argument::invalid_argument
String ID: vector<T> too long
API String ID: 1284171080-3788999226
Opcode ID: 252ec85b9000cd2d3b38631ca97836de2e58245ea67b28fe8212f5d1ead56786
Instruction ID: 6fc2bf9fdd7264b181171e9c8659c181b1aed461a3fc72a9a376d9cf5f8392d8
Opcode Fuzzy Hash: 252ec85b9000cd2d3b38631ca97836de2e58245ea67b28fe8212f5d1ead56786
Instruction Fuzzy Hash: 8C4117373002250B871CDC3EDD9446EBAD7DBD8B6131D8A3EE945E7788C9B0F8414694

Function 00D7DDA0 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 151COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 00D7DEE6
std::_Xinvalid_argument.LIBCPMT ref: 00D7DEF0

Strings

CPU >> , xrefs: 00D7DDB4, 00D7DDCC, 00D7DDE1, 00D7DDEC, 00D7DEA8
string too long, xrefs: 00D7DEE1, 00D7DEEB

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: Xinvalid_argumentstd::_
String ID: CPU >> $string too long
API String ID: 909987262-599734533
Opcode ID: aa65ab1a5bd22a66b85cefc1f1f6500e288ee7faa3b09a73334422f1555e19aa
Instruction ID: 006054f0b463aae0f0c9986287d7ba8f4f8618f0c08795096b5ad36c7fde2d29
Opcode Fuzzy Hash: aa65ab1a5bd22a66b85cefc1f1f6500e288ee7faa3b09a73334422f1555e19aa
Instruction Fuzzy Hash: C64196323043118B8A35DE5CD89097AB3F7EFE5711324892EF58ACB650EB21DC4587B5

Function 00DD96F0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 133COMMON

Download Yara Rule

APIs

___from_strstr_to_strchr.LIBCMT ref: 00DD97A8

Strings

%sAuthorization: Digest %s, xrefs: 00DD982A
%.*s, xrefs: 00DD97B8
Proxy-, xrefs: 00DD9821, 00DD9829

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: ___from_strstr_to_strchr
String ID: %.*s$%sAuthorization: Digest %s$Proxy-
API String ID: 601868998-541442569
Opcode ID: 2ae9675f293ca33b3494de39b9c2722a08c985cf420636377eca9c1284be3b90
Instruction ID: c9800fc8e057f35fb407732bcdc8c3d85def81ec2bc52fcb234426fd57555b87
Opcode Fuzzy Hash: 2ae9675f293ca33b3494de39b9c2722a08c985cf420636377eca9c1284be3b90
Instruction Fuzzy Hash: 1441A976A00108AFDB11CF59DC45BEAB7B5EF49354F0880AAED08EB351D7719D50CBA1

Function 00D89A10 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 120COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 00D89B07
std::_Xinvalid_argument.LIBCPMT ref: 00D89B11

Strings

string too long, xrefs: 00D89B02, 00D89B0C
invalid string position, xrefs: 00D89AF8

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: Xinvalid_argumentstd::_
String ID: invalid string position$string too long
API String ID: 909987262-4289949731
Opcode ID: 28c45fa0e357965921f980b5ba56a6c2a6273be73d3efb216a378ee4cc014bd4
Instruction ID: 1227c151e5e3542e142311c7601b0269fea979f7b62208fc25050b0ad9387812
Opcode Fuzzy Hash: 28c45fa0e357965921f980b5ba56a6c2a6273be73d3efb216a378ee4cc014bd4
Instruction Fuzzy Hash: BB3183323003049FD728AF5DD891A7AF7E9EB95710B18492EF5958B651D771E9008BB0

Function 00D82CF0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 120COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 00D82DF6
std::_Xinvalid_argument.LIBCPMT ref: 00D82E00

Strings

string too long, xrefs: 00D82DF1, 00D82DFB
invalid string position, xrefs: 00D82DE7

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: Xinvalid_argumentstd::_
String ID: invalid string position$string too long
API String ID: 909987262-4289949731
Opcode ID: 7ed93aa8b3f70ab494b346f924a8852d8236d0acf3827d09912503d45db307c3
Instruction ID: ed5d6e15fb6092b1812e9b994abe336ef0918bb8c947e3e448206e6c30da6f6a
Opcode Fuzzy Hash: 7ed93aa8b3f70ab494b346f924a8852d8236d0acf3827d09912503d45db307c3
Instruction Fuzzy Hash: 1B31CD323043199F8B24AF5CE88087AB7E9EF94711310492EF456CB660EB71E9058BF4

Function 00D7AF70 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 113COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 00D7B068
std::_Xinvalid_argument.LIBCPMT ref: 00D7B072

Strings

string too long, xrefs: 00D7B063, 00D7B06D
invalid string position, xrefs: 00D7B059

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: Xinvalid_argumentstd::_
String ID: invalid string position$string too long
API String ID: 909987262-4289949731
Opcode ID: 62dbf5d8c96512b7dc6c2830f8faee9a197fcbb0cfc5283806a50a53c0a6e113
Instruction ID: ca98ecb354acce8fdce2f8a94004835557b7a1942f4a4950abb109657ef3ffd6
Opcode Fuzzy Hash: 62dbf5d8c96512b7dc6c2830f8faee9a197fcbb0cfc5283806a50a53c0a6e113
Instruction Fuzzy Hash: 623190323043098B8B28DE5DE881A6FB3E9FF95721310892FF46AC7610E771E91487B5

Function 00D7A670 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 108COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 00D7A758
std::_Xinvalid_argument.LIBCPMT ref: 00D7A762

Strings

string too long, xrefs: 00D7A753, 00D7A75D
invalid string position, xrefs: 00D7A749

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: Xinvalid_argumentstd::_
String ID: invalid string position$string too long
API String ID: 909987262-4289949731
Opcode ID: 48406383bfcd74fee4c8f042268eb8fc67a6a67284f3953765240cb63d578395
Instruction ID: 23473117ad4cb619bb3beb40877b1f34584dab3b14382c9594325df88a55194a
Opcode Fuzzy Hash: 48406383bfcd74fee4c8f042268eb8fc67a6a67284f3953765240cb63d578395
Instruction Fuzzy Hash: B631C0323007018FDB28DE5DE840A6FB3F9EBD0711B14892EE559CB651D3B1E80087B2

Function 00DA4EF0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 103COMMON

Download Yara Rule

APIs

___std_type_info_name.LIBVCRUNTIME ref: 00DA4FC3

Strings

void __thiscall boost::property_tree::basic_ptree<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,struct std::less<class std::basic_, xrefs: 00DA5006
" to data failed, xrefs: 00DA4FD6
conversion of type ", xrefs: 00DA4F99

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: ___std_type_info_name
String ID: " to data failed$conversion of type "$void __thiscall boost::property_tree::basic_ptree<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,struct std::less<class std::basic_
API String ID: 1734802720-3578818472
Opcode ID: 0c0dde1f346d73e3adefafbcc88a420149c4376899f7eecd9220b979a190fc3c
Instruction ID: ed7f6f0bada21833d45910908306fe6acf4d68f6d758e11b669feb0d377d3a4b
Opcode Fuzzy Hash: 0c0dde1f346d73e3adefafbcc88a420149c4376899f7eecd9220b979a190fc3c
Instruction Fuzzy Hash: 6731B271D0428CAADF15DBA8C885FEFBBB9EB05310F109159F451B72C2EB755A088BB1

Function 00DC3540 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 82COMMON

Download Yara Rule

APIs

___swprintf_l.LIBCMT ref: 00DC359C

Strings

%s:%s, xrefs: 00DC3589
Proxy-, xrefs: 00DC35F6, 00DC35FE
%sAuthorization: Basic %s, xrefs: 00DC35FF

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: ___swprintf_l
String ID: %s:%s$%sAuthorization: Basic %s$Proxy-
API String ID: 48624451-2961970465
Opcode ID: 694836c5779488520901f4d7a3352d32cfe74bde9c466fab9e0a57bd0597a202
Instruction ID: 47a9693c60cd2bd2fd56385f20915c8f77bf5abb13bb93a4eed2e8b604021374
Opcode Fuzzy Hash: 694836c5779488520901f4d7a3352d32cfe74bde9c466fab9e0a57bd0597a202
Instruction Fuzzy Hash: 8C21D375600109AFDB04CF64C845FEA77F9EB89310F1481BDE9499B241E772AE049BB0

Function 00DFD800 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 79COMMON

Download Yara Rule

APIs

GetCurrentDirectoryW.KERNEL32(00000000,00000000,2C690420), ref: 00DFD832
GetCurrentDirectoryW.KERNEL32(00000000,00000000,00D913B8), ref: 00DFD86D
GetLastError.KERNEL32 ref: 00DFD877

Strings

boost::filesystem::current_path, xrefs: 00DFD881

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: CurrentDirectory$ErrorLast
String ID: boost::filesystem::current_path
API String ID: 1128942804-4026011040
Opcode ID: 91d63d093052b03bf7701dd8a07e2a1a9498d7435075bafb7e6c3d2b633765e5
Instruction ID: 249103ca482a658babdd0413b8afe7a7098256965375db9f1e21ed35a59677f7
Opcode Fuzzy Hash: 91d63d093052b03bf7701dd8a07e2a1a9498d7435075bafb7e6c3d2b633765e5
Instruction Fuzzy Hash: F621D472600248ABDB109F69DC05B6BBBFAEF44750F05852AF906DB290E7B5E904C7A1

Function 00D73580 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 48COMMON

Download Yara Rule

APIs

new.LIBCMT ref: 00D735A9
_com_util::ConvertStringToBSTR.COMSUPP ref: 00D735E2
_com_issue_error.COMSUPP ref: 00D735FF

Strings

WQL, xrefs: 00D735CF

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: ConvertString_com_issue_error_com_util::
String ID: WQL
API String ID: 729922077-1249411209
Opcode ID: 5cae6d63acaa42f137fa6f1e5b1deeadd81ecd88b82650e29e3b5ffd94006f57
Instruction ID: e13208256735d9c8f4e98e674c7d2745e99cfdb25cc5046abd0d65da244a65cd
Opcode Fuzzy Hash: 5cae6d63acaa42f137fa6f1e5b1deeadd81ecd88b82650e29e3b5ffd94006f57
Instruction Fuzzy Hash: 4401D6B1944759EBD320CF54CC01B6AF7E8EB40B20F20871EF855A7780E7B5594087E0

Function 00E74C6D Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 21COMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32(00000000,00000000,?,00E74D3D,00000000), ref: 00E74C83
FreeLibrary.KERNEL32(00000000,00000000,?,00E74D3D,00000000), ref: 00E74C92
_free.LIBCMT ref: 00E74C99

Strings

=M, xrefs: 00E74C73, 00E74C98

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: CloseFreeHandleLibrary_free
String ID: =M
API String ID: 621396759-2195644689
Opcode ID: 447b717dc16d77a8202fc9e91f3b14a033ee8a40dbee214d348a7d9dbb6fca87
Instruction ID: d0fa432325143b9f7bd27c33237a7bef2d31be47f2666740f4f363056d5e105c
Opcode Fuzzy Hash: 447b717dc16d77a8202fc9e91f3b14a033ee8a40dbee214d348a7d9dbb6fca87
Instruction Fuzzy Hash: FFE04F72001610EFD7221B16E808B56B7A89B45325F15C419E56D224A0CB35B880DA90

Function 00E80A52 Relevance: 6.3, APIs: 4, Instructions: 305COMMONLIBRARYCODE

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 00E80ADD
__alldvrm.LIBCMT ref: 00E80CDE
__alldvrm.LIBCMT ref: 00E80D00

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: __alldvrm$_strrchr
String ID:
API String ID: 1036877536-0
Opcode ID: 9d93e61f19b96296c0ae5d052b078a61c056aa9b66824bfbf5dd4f31dc1b7d83
Instruction ID: f20d957d00c107ac59ca497e298619d234b9f1c90926ab9160208f006a2bdf47
Opcode Fuzzy Hash: 9d93e61f19b96296c0ae5d052b078a61c056aa9b66824bfbf5dd4f31dc1b7d83
Instruction Fuzzy Hash: 83A1BE72A003869FE765EF58C891BAEFBE0EF11314F1452ADD49DBB282C2349D49C750

Function 00E75264 Relevance: 6.2, APIs: 4, Instructions: 174pipeCOMMON

Download Yara Rule

APIs

GetFileType.KERNEL32(?,00000000,00000000,00000000), ref: 00E75289

Part of subcall function 00E75688: __dosmaperr.LIBCMT ref: 00E756CB

GetLastError.KERNEL32 ref: 00E753B4
__dosmaperr.LIBCMT ref: 00E753BB
PeekNamedPipe.KERNEL32(?,00000000,00000000,00000000,?,00000000), ref: 00E753F8

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: __dosmaperr$ErrorFileLastNamedPeekPipeType
String ID:
API String ID: 3955570002-0
Opcode ID: 8c6d4d1e954868a375d5766b3e664d3ff2a4424456d11bb1b4019721ab1c07b5
Instruction ID: 80ebb5ea54d87dc1e5240866aac43287ad14491ec59a4f1515e11a35ff9c6686
Opcode Fuzzy Hash: 8c6d4d1e954868a375d5766b3e664d3ff2a4424456d11bb1b4019721ab1c07b5
Instruction Fuzzy Hash: 9951D473900B08AFDB24DFB4CC419AFB7F9EF08314B149929E55AE7560E7B0E8468B50

Function 00E03250 Relevance: 6.2, APIs: 4, Instructions: 167COMMON

Download Yara Rule

APIs

new.LIBCMT ref: 00E032B2
new.LIBCMT ref: 00E032C9
__Init_thread_footer.LIBCMT ref: 00E0333B
__Init_thread_footer.LIBCMT ref: 00E03472

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: Init_thread_footer
String ID:
API String ID: 1385522511-0
Opcode ID: 4faf814b1ca5dedefb9aadf800277970d7875caa9f92404ded2b10487a6c2f44
Instruction ID: 4859609a5098348a70183b20e855da2a811c1160c255d9a2e7651881eab2494d
Opcode Fuzzy Hash: 4faf814b1ca5dedefb9aadf800277970d7875caa9f92404ded2b10487a6c2f44
Instruction Fuzzy Hash: 7A61EC70900259CFCB10CF68C986BADB7F8FB05324F104269E526BB3D2D7359A08CBA1

Function 00DE2CD6 Relevance: 6.1, APIs: 4, Instructions: 136COMMON

Download Yara Rule

APIs

__Getcvt.LIBCPMT ref: 00DE2D2E
MultiByteToWideChar.KERNEL32(00D7FB61,00000009,00000000,00000002,?,00000000,00000000,00000001,?), ref: 00DE2D7C
MultiByteToWideChar.KERNEL32(00D7FB61,00000009,?,030A7EC0,?,00000000,00000000,00000001,?), ref: 00DE2DEE
MultiByteToWideChar.KERNEL32(00D7FB61,00000009,?,00000001,?,00000000,00000000,00000001,?), ref: 00DE2E16

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: ByteCharMultiWide$Getcvt
String ID:
API String ID: 3195005509-0
Opcode ID: 7db8a26dfba8fa95f36483faeca123a42c7c5e280b71f56f6744a61e3ab923a6
Instruction ID: 023fa9f40daa14c9e1186e0d48bf795faec25dbaf5d06bd36de6778d7f6b4c8b
Opcode Fuzzy Hash: 7db8a26dfba8fa95f36483faeca123a42c7c5e280b71f56f6744a61e3ab923a6
Instruction Fuzzy Hash: AA41C031600385EFDB219F66DC41B7ABBBDEF05310F288469F9519B190D771E840CBA0

Function 00DF8250 Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 134COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(FFFFFFFF,2C690420,S,00000000,?,?,?,?,00E9475A,000000FF,?,00DF9D35), ref: 00DF828F
TlsGetValue.KERNEL32(FFFFFFFF,2C690420,S,00000000,?,?,?,?,00E9475A,000000FF,?,00DF9D35), ref: 00DF82AB

Strings

S, xrefs: 00DF8265
ZG, xrefs: 00DF82AF

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: Value
String ID: ZG$S
API String ID: 3702945584-752186485
Opcode ID: 510f57442d6eefc2a4ef10d3d44ad9cfed8c6b1fa177c60fef6b8ff35304473b
Instruction ID: f9c016a5e9ddbbed18693fd0d9c3d11eda57d96a54f0f8d3efba0afb4dcd9f13
Opcode Fuzzy Hash: 510f57442d6eefc2a4ef10d3d44ad9cfed8c6b1fa177c60fef6b8ff35304473b
Instruction Fuzzy Hash: D951E735A006189FCB21DF28C944B6DB7E8FF45720F1A8558E946D7390DB34EE05CBA1

Function 00E748D8 Relevance: 6.1, APIs: 4, Instructions: 133COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6fcd4acfbb7457f66cd5e4bb168ea676a0c8c5c62d644a1259e5ff39b7057594
Instruction ID: 32fa5e56d93812b2c43ee490fac5aa8c3aafc017edabc6815fba490d0c049a48
Opcode Fuzzy Hash: 6fcd4acfbb7457f66cd5e4bb168ea676a0c8c5c62d644a1259e5ff39b7057594
Instruction Fuzzy Hash: 24410BB1A44309AFD7149F78CC417ABBBE9EB84710F10952AF219EB2C1D37199018790

Function 00E4FA30 Relevance: 6.1, APIs: 4, Instructions: 124COMMON

Download Yara Rule

APIs

new.LIBCMT ref: 00E4FA54

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fbc37d2f6184032bf3131da2bf0fe894ac3aea1319f9c4cffccb5a8d037a80ca
Instruction ID: 9cfb082daf64a4d83267a6b9f1db2af828d87718e4837421f8d27a4e5269b5e7
Opcode Fuzzy Hash: fbc37d2f6184032bf3131da2bf0fe894ac3aea1319f9c4cffccb5a8d037a80ca
Instruction Fuzzy Hash: 2031EC763002018FC310DF69E480ABAB3E1EF94726F14CA7AE559D7252DB30EC65CBA1

Function 00DF96A0 Relevance: 6.1, APIs: 4, Instructions: 88COMMON

Download Yara Rule

APIs

Part of subcall function 00D85930: CloseHandle.KERNEL32(00000000,2C690420), ref: 00D85985
Part of subcall function 00D85930: WaitForSingleObjectEx.KERNEL32(?,000000FF,00000000,2C690420,?,?,?,2C690420,?,00DF943D,2C690420), ref: 00D85997

ReleaseSemaphore.KERNEL32(?,?,00000000,2C690420,?,?,?,?,00000000,00E94942,000000FF,?,00DF9537), ref: 00DF96F4
ReleaseSemaphore.KERNEL32(?,?,00000000,?,?,?,?,00000000,00E94942,000000FF,?,00DF9537), ref: 00DF9715
CloseHandle.KERNEL32(?), ref: 00DF9757
SetEvent.KERNEL32(00000000), ref: 00DF9791

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: CloseHandleReleaseSemaphore$EventObjectSingleWait
String ID:
API String ID: 3698072468-0
Opcode ID: ea25151ccd975cc63c8e8509e3cd9ec9926dd87407ceef89ed381ec664f8f7d2
Instruction ID: 94109bb757cd8bf2df55bb3c76a2b101573ba6a462ebbdfc4843df7f9e0905a8
Opcode Fuzzy Hash: ea25151ccd975cc63c8e8509e3cd9ec9926dd87407ceef89ed381ec664f8f7d2
Instruction Fuzzy Hash: AD31AF70A00308DFDF149F58DC84B6ABBA8EB05724F1985A9ED15DB295D735EC01CBA0

Function 00D8F000 Relevance: 6.1, APIs: 4, Instructions: 72COMMON

Download Yara Rule

APIs

new.LIBCMT ref: 00D8F036
Concurrency::cancel_current_task.LIBCPMT ref: 00D8F0A0

Part of subcall function 00DFBF2B: __CxxThrowException@8.LIBVCRUNTIME ref: 00DFBF42

Concurrency::cancel_current_task.LIBCPMT ref: 00D8F0A5

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: Concurrency::cancel_current_task$Exception@8Throw
String ID:
API String ID: 3339364867-0
Opcode ID: c71de1e03615bb84a90a173c55549aeba09db768fe47eb91aa969a41973d9e73
Instruction ID: 26cf10196a67508cf8e0bc6b9f35750ddecf1a11291ca9c6f0b81a746f3eeb46
Opcode Fuzzy Hash: c71de1e03615bb84a90a173c55549aeba09db768fe47eb91aa969a41973d9e73
Instruction Fuzzy Hash: DB11B2B6900106AFD718EF68CC81E7AB3A8FF44310755463AEA19D3251E731ED24CBB1

Function 00D8F0B0 Relevance: 6.1, APIs: 4, Instructions: 71COMMON

Download Yara Rule

APIs

new.LIBCMT ref: 00D8F0E6
Concurrency::cancel_current_task.LIBCPMT ref: 00D8F152

Part of subcall function 00DFBF2B: __CxxThrowException@8.LIBVCRUNTIME ref: 00DFBF42

Concurrency::cancel_current_task.LIBCPMT ref: 00D8F157

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: Concurrency::cancel_current_task$Exception@8Throw
String ID:
API String ID: 3339364867-0
Opcode ID: ddbd4eac951e155764efa1d3510aa374e82febe5be42ac7467a40f177048762b
Instruction ID: 8df374e9858a0f36ccc05dd34a67809e8dcbdcc15b2f9de7a85f7222dd651931
Opcode Fuzzy Hash: ddbd4eac951e155764efa1d3510aa374e82febe5be42ac7467a40f177048762b
Instruction Fuzzy Hash: 4F1193B6500606AFC718EF68C88597EB3A8EF44310B55463AEA19C7641E731ED25CBB1

Function 00E23070 Relevance: 6.1, APIs: 4, Instructions: 69COMMON

Download Yara Rule

APIs

new.LIBCMT ref: 00E23094

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f3a0e99cf817a150b3c63b627bcc16b7be7712f93396f2bea078e8a87903d690
Instruction ID: 8a063628db0c1f9f22285e4170a615435f0489103b442ef1025781fe9369eec8
Opcode Fuzzy Hash: f3a0e99cf817a150b3c63b627bcc16b7be7712f93396f2bea078e8a87903d690
Instruction Fuzzy Hash: A901F9756001114B8724EB39F985D2EB3D8DF40354705862AE91AD7662DB38EE45CF72

Function 00E75420 Relevance: 6.1, APIs: 4, Instructions: 65timeCOMMON

Download Yara Rule

APIs

FileTimeToSystemTime.KERNEL32(00000000,?,?,?,00000000,00000000,?,?,?,00000000), ref: 00E7544E
SystemTimeToTzSpecificLocalTime.KERNEL32(00000000,?,?), ref: 00E75462
GetLastError.KERNEL32 ref: 00E754AA
__dosmaperr.LIBCMT ref: 00E754B1

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: Time$System$ErrorFileLastLocalSpecific__dosmaperr
String ID:
API String ID: 593088924-0
Opcode ID: 3664ef96cafbdb73d7e9e4dad7a12bef6568aa27f9eac854cb3ed84a6c48fb9c
Instruction ID: e41fbf068cfc0f42501595d88a838c02c1d6524025c1ce4afcfe73da5638c0e3
Opcode Fuzzy Hash: 3664ef96cafbdb73d7e9e4dad7a12bef6568aa27f9eac854cb3ed84a6c48fb9c
Instruction Fuzzy Hash: F9212E7390010DAFCB00DFE5DD84AEF77BCAB08321F509656F52AF6080EA74EA458B61

Function 00D9EAE0 Relevance: 6.0, APIs: 4, Instructions: 48COMMON

Download Yara Rule

APIs

new.LIBCMT ref: 00D9EB13

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d77515ad65b2b41654a9843b87c8fa7ab20286e32492c19d137f0fd6c4c121d4
Instruction ID: 555c3b5e3079dbdd9cd485100cf46308894f2ae1861448486c53ede1f508e55b
Opcode Fuzzy Hash: d77515ad65b2b41654a9843b87c8fa7ab20286e32492c19d137f0fd6c4c121d4
Instruction Fuzzy Hash: 9DF089B26002080ADB1CE768DC92A3E7754CF70354B45413EFA1BC6552F622E964C679

Function 00E4F9C0 Relevance: 6.0, APIs: 4, Instructions: 45COMMON

Download Yara Rule

APIs

new.LIBCMT ref: 00E4F9E7

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 436ff046126941eeec54348df4088f2425809747f70c0628ff03eda104265074
Instruction ID: a1cf21445356e15d7ef996aaa9fc91b4e7a965d15c177380d3be9ef006596f10
Opcode Fuzzy Hash: 436ff046126941eeec54348df4088f2425809747f70c0628ff03eda104265074
Instruction Fuzzy Hash: CAF027B190010019DB24FBB4B956B3E3298CF50758742993AEA0EF2023FB35DD549673

Function 00E05B80 Relevance: 6.0, APIs: 2, Strings: 2, Instructions: 41memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,0000000C,2C690420,?,00E05E55,?,00000000), ref: 00E05BA9
HeapAlloc.KERNEL32(00000000,?,00E05E55,?,00000000), ref: 00E05BB0

Part of subcall function 00D7C1E0: __CxxThrowException@8.LIBVCRUNTIME ref: 00D7C22E

Strings

U^, xrefs: 00E05B9C, 00E05BF4
bad allocation, xrefs: 00E05BCB

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: Heap$AllocException@8ProcessThrow
String ID: U^$bad allocation
API String ID: 2841549324-3417518598
Opcode ID: e59100db97eef7347e945cbd9b8b3590b88888f59a7cd377bf64fd5df90b084d
Instruction ID: 09c79b96695375c8e5d33d0050d296a5f1631c973e5ecdf8cfe256bed661c97d
Opcode Fuzzy Hash: e59100db97eef7347e945cbd9b8b3590b88888f59a7cd377bf64fd5df90b084d
Instruction Fuzzy Hash: 41014C71E007499FCB00CFA5C845B5ABBB8FB49700F10866AF915EB381EB74A544CB90

Function 00D7BE40 Relevance: 6.0, APIs: 4, Instructions: 40COMMON

Download Yara Rule

APIs

new.LIBCMT ref: 00D7BE6A

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d2a7451a62a4b2ee75dfba380583b36b9ef1f5812cad444a02974a9c022dbea8
Instruction ID: fab2f010a391ca221c050c50dd7ab5caab74f645fc61cbd7207fdc81ed892ad9
Opcode Fuzzy Hash: d2a7451a62a4b2ee75dfba380583b36b9ef1f5812cad444a02974a9c022dbea8
Instruction Fuzzy Hash: B8F082F26042080A9708E7789C52A7E7298CF24370755813BF61EC6682F622E9548576

Function 00D8F160 Relevance: 6.0, APIs: 4, Instructions: 39COMMON

Download Yara Rule

APIs

new.LIBCMT ref: 00D8F18B

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f22e6bf2c0fdcebda5b651e1c09446586ffb2276ce4ade469a68fbc7b52885c
Instruction ID: 2f8f84bee05c79676665ee421a06c1816ab3398a1b4e505c76f22dcbc42b9efe
Opcode Fuzzy Hash: 6f22e6bf2c0fdcebda5b651e1c09446586ffb2276ce4ade469a68fbc7b52885c
Instruction Fuzzy Hash: EBF0A7F36043084A9618F778DC56D3E7294CF34360706463BFA1EC6691F622DD55C676

Function 00DA1E80 Relevance: 6.0, APIs: 4, Instructions: 39COMMON

Download Yara Rule

APIs

new.LIBCMT ref: 00DA1EAB

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 76ed98ddada49c7321db007dd077195e7b8ad118fe783375149292d5aa19183d
Instruction ID: 75ba2cb5c37d34c83554f084d01a6e9fc9ecb8fa471534930f717dae09b1d535
Opcode Fuzzy Hash: 76ed98ddada49c7321db007dd077195e7b8ad118fe783375149292d5aa19183d
Instruction Fuzzy Hash: A6F0A7F76041080A9A18E7789C5293E7298CF65360B45823BFA1EC6681F622DE5485B6

Function 00E4F950 Relevance: 6.0, APIs: 4, Instructions: 38COMMON

Download Yara Rule

APIs

new.LIBCMT ref: 00E4F980

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 77fe75a867870fb9d20ca8abb7671582ad89bb34b65130aa0c7ebe8461e2e6eb
Instruction ID: 1d8669134ecdcd981efb59eaa8123cdd15a0a7d020745c20779abcdcd6a23092
Opcode Fuzzy Hash: 77fe75a867870fb9d20ca8abb7671582ad89bb34b65130aa0c7ebe8461e2e6eb
Instruction Fuzzy Hash: 1AF02B7250010565DB2CF7F0B951B3D3284CF90749F01A03EEB0AE5413E725D954C133

Function 00D7BDE0 Relevance: 6.0, APIs: 4, Instructions: 37COMMON

Download Yara Rule

APIs

new.LIBCMT ref: 00D7BE0E

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 970908b49473d7ef28af1614abfa152ea2e8798d69a80794042a91427aa07e5e
Instruction ID: 9cdffa2010533911a49862e4ec1b6355d8e0cc8a55b0f4b437d87a3a54d3d71d
Opcode Fuzzy Hash: 970908b49473d7ef28af1614abfa152ea2e8798d69a80794042a91427aa07e5e
Instruction Fuzzy Hash: A4F0E2F26041080E9618E7689842E7E73D8CF60360705C03BF61EC7641FB32ED14C67A

Function 00E4CC80 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 299COMMON

Download Yara Rule

APIs

Part of subcall function 00E4E090: new.LIBCMT ref: 00E4E092

Part of subcall function 00E5E6F0: LoadLibraryA.KERNEL32(?), ref: 00E5E70C

___std_exception_copy.LIBVCRUNTIME ref: 00E4CDB4
___std_exception_destroy.LIBVCRUNTIME ref: 00E4CE09

Strings

Unable to open message catalog: , xrefs: 00E4CD69

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: LibraryLoad___std_exception_copy___std_exception_destroy
String ID: Unable to open message catalog:
API String ID: 2927770020-3361316291
Opcode ID: 556e9bf96e22a4f91c280e75d8fdf13d4af9107a1a1ab1447beda4fb4f45256c
Instruction ID: cd4dc1036803d4b4b4360b7cca92e0e4dc46848e67a91121a71c6a28fc99759c
Opcode Fuzzy Hash: 556e9bf96e22a4f91c280e75d8fdf13d4af9107a1a1ab1447beda4fb4f45256c
Instruction Fuzzy Hash: BEC1BA70D01248DFDF11DBA4D884BEEBBF9EF15304F245569E405BB282DB349A49CBA1

Function 00E4F400 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 283COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 00E4F45A

Strings

punct, xrefs: 00E4F650
vector<bool> too long, xrefs: 00E4F455

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: Xinvalid_argumentstd::_
String ID: punct$vector<bool> too long
API String ID: 909987262-458764811
Opcode ID: 9f9a21b26fa63dccc2ff4d0fb77895a078a7a162ae2e0db1e250e88706c7181d
Instruction ID: 540be36bb6a53a62294756ec4cd916f9011069bb489d51329167e923d7267962
Opcode Fuzzy Hash: 9f9a21b26fa63dccc2ff4d0fb77895a078a7a162ae2e0db1e250e88706c7181d
Instruction Fuzzy Hash: DEC1B071900208EFDB10DF54D884BDEBBF8FF44754F10952AE946AB691DB78AA48CB90

Function 00D7A540 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 140COMMON

Download Yara Rule

Strings

string too long, xrefs: 00D7A64F, 00D7A659

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID:
String ID: string too long
API String ID: 0-2556327735
Opcode ID: 083c0e5de743367c9bea4cbf0f8819c7bd4887e4e8d53ec49532907df4a467f1
Instruction ID: 7746bbfe140236ebe8937368be968b0bac32a7d1c8e0b7687c8d5756117743e7
Opcode Fuzzy Hash: 083c0e5de743367c9bea4cbf0f8819c7bd4887e4e8d53ec49532907df4a467f1
Instruction Fuzzy Hash: 4731F6323007108BDB249E5CA88096EF7E9EFD5B11B24C92EE499CB641E771DC4487B2

Function 00D7E0C0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 137COMMON

Download Yara Rule

Strings

string too long, xrefs: 00D7E1CF, 00D7E1D9

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID:
String ID: string too long
API String ID: 0-2556327735
Opcode ID: 366002ebe6ab769b8fe567c62d26aeedad1161a0ebddf2d52084b2cf7ac61fa2
Instruction ID: 2fe9af12fe4c89d1a245061e168fc8fc40c1002a281f65935ef8d3727b71d57f
Opcode Fuzzy Hash: 366002ebe6ab769b8fe567c62d26aeedad1161a0ebddf2d52084b2cf7ac61fa2
Instruction Fuzzy Hash: A931B3323043149B8B34DE5DE88186AF3F9FF99711350856FE49AC7620E771E80587B1

Function 00D7A360 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 135COMMONLIBRARYCODE

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 00D7A47B

Strings

string too long, xrefs: 00D7A476
invalid string position, xrefs: 00D7A462, 00D7A46C

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: Xinvalid_argumentstd::_
String ID: invalid string position$string too long
API String ID: 909987262-4289949731
Opcode ID: 9dec47b50e4b560d38bcf9198bbb62ab0544e2a447b8683c478ad6b99cb40f38
Instruction ID: f1e68ed147ec25d81830edcf50864323002d78089bf65f38e49d6c679bb0c9f0
Opcode Fuzzy Hash: 9dec47b50e4b560d38bcf9198bbb62ab0544e2a447b8683c478ad6b99cb40f38
Instruction Fuzzy Hash: 5731C5323003148BD7249E9CE844B5BF7E9EBD5B25F10862FE559CB642E7B2984087F2

Function 00DA7500 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 127COMMON

Download Yara Rule

APIs

Part of subcall function 00D7BB70: std::ios_base::_Addstd.LIBCPMT ref: 00D7BC19

Part of subcall function 00D7B2B0: new.LIBCMT ref: 00D7B2DE
Part of subcall function 00D7B2B0: std::locale::_Init.LIBCPMT ref: 00D7B2F5

std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00DA76E0

Strings

H, xrefs: 00DA7580
RunInstaller failed to execute., xrefs: 00DA7633

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: std::ios_base::_$AddstdInitIos_base_dtorstd::locale::_
String ID: H$RunInstaller failed to execute.
API String ID: 3640179778-3820714907
Opcode ID: c099a450c43cfe9ceb2cbc43992800f8e8348cf4babe5023c45fc9ed57fe9b02
Instruction ID: 8f9caa427c1c25300f10e09f75e9e7cffeec2a632d556290898da88ff5fcbf57
Opcode Fuzzy Hash: c099a450c43cfe9ceb2cbc43992800f8e8348cf4babe5023c45fc9ed57fe9b02
Instruction Fuzzy Hash: 77513C70A04359DFEF50DF98C845BDEBBB4EF45304F148099E449AB281EB74AA88CF61

Function 00DA7710 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 127COMMON

Download Yara Rule

APIs

Part of subcall function 00D7BB70: std::ios_base::_Addstd.LIBCPMT ref: 00D7BC19

Part of subcall function 00D7B2B0: new.LIBCMT ref: 00D7B2DE
Part of subcall function 00D7B2B0: std::locale::_Init.LIBCPMT ref: 00D7B2F5

std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00DA78F0

Strings

Executing Carrier Exe Directly, xrefs: 00DA7843
H, xrefs: 00DA7790

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: std::ios_base::_$AddstdInitIos_base_dtorstd::locale::_
String ID: Executing Carrier Exe Directly$H
API String ID: 3640179778-1476402511
Opcode ID: 0ec486be77162ea902fb9e024db7ff2ad600b6394cb232506e7d55acb8d8b6c6
Instruction ID: 7ef43c9e294c5bd036d26f88f1592a17105d1070f5de521de1424fe4f1152dae
Opcode Fuzzy Hash: 0ec486be77162ea902fb9e024db7ff2ad600b6394cb232506e7d55acb8d8b6c6
Instruction Fuzzy Hash: 63513D70A04359DFEF14DF94C849BDEBBB4EF45304F108199E449AB281DB74AA88CF61

Function 00D9D5E0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 117COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 00D9D671
std::_Xinvalid_argument.LIBCPMT ref: 00D9D6D5

Strings

vector<T> too long, xrefs: 00D9D66C, 00D9D6D0

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: Xinvalid_argumentstd::_
String ID: vector<T> too long
API String ID: 909987262-3788999226
Opcode ID: 14acdd5a44ef8dbc379406a388b5fe9a657c51b5c5a0693e9e4b138029414c17
Instruction ID: fc250f2b05debc1d1f596e22d4546a7a92f65d4b95e775e97af93a13fa9a9735
Opcode Fuzzy Hash: 14acdd5a44ef8dbc379406a388b5fe9a657c51b5c5a0693e9e4b138029414c17
Instruction Fuzzy Hash: 4431E5733006184FCB18EE2DD99199AB7EAEBD8360B14C12EE849DB745DA70EC41C7A4

Function 00D884B0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 114COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 00D88565
std::_Xinvalid_argument.LIBCPMT ref: 00D8856F

Strings

string too long, xrefs: 00D88560, 00D8856A

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: Xinvalid_argumentstd::_
String ID: string too long
API String ID: 909987262-2556327735
Opcode ID: c667a47ae919c48bbb47352b6ca1094135fd9907b519a1882f11a619e87514d5
Instruction ID: 6e6b8268c552e55d6214650ae3edc452b6ecefca1b16372c976d49d264a1c1dd
Opcode Fuzzy Hash: c667a47ae919c48bbb47352b6ca1094135fd9907b519a1882f11a619e87514d5
Instruction Fuzzy Hash: EA3129323003548BC731AA5CA8009AAFBE8DFA2B61F54496FE99587752DB72D800D7F1

Function 00D82E10 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 103COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 00D82EE3
std::_Xinvalid_argument.LIBCPMT ref: 00D82EED

Strings

string too long, xrefs: 00D82EDE, 00D82EE8

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: Xinvalid_argumentstd::_
String ID: string too long
API String ID: 909987262-2556327735
Opcode ID: d20195a957a67754b90ca17456db9d25ae4eb5288d60fd81c18090ca9886e83a
Instruction ID: 14a57783978b2cc7d211f391e6e69f6c25801d622b75b8deeb32ec148763bdb7
Opcode Fuzzy Hash: d20195a957a67754b90ca17456db9d25ae4eb5288d60fd81c18090ca9886e83a
Instruction Fuzzy Hash: BF21C4323147149B8B357E5CA880479B3E4FF19721360492FF596D7760D7719814C7B9

Function 00DAE410 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 102COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 00DAE489
std::_Xinvalid_argument.LIBCPMT ref: 00DAE49B

Strings

string too long, xrefs: 00DAE484, 00DAE496

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: Xinvalid_argumentstd::_
String ID: string too long
API String ID: 909987262-2556327735
Opcode ID: f3ae3cb3e9c816438bfeb3b8692b305890d8464978c354f23c9f1819789473ff
Instruction ID: d5a30452060d0482fb27de6b9cb0e513708e5ebe39151f1af9f3affa003eeb45
Opcode Fuzzy Hash: f3ae3cb3e9c816438bfeb3b8692b305890d8464978c354f23c9f1819789473ff
Instruction Fuzzy Hash: A131BF34604704DFCB21CF19C490A5ABBF4EB09724F148A5DE56A9B342D771E900CBB0

Function 00DDC590 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 90COMMON

Download Yara Rule

APIs

___from_strstr_to_strchr.LIBCMT ref: 00DDC5BA
___from_strstr_to_strchr.LIBCMT ref: 00DDC5C9

Strings

; filename="%s", xrefs: 00DDC63F

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: ___from_strstr_to_strchr
String ID: ; filename="%s"
API String ID: 601868998-4174338374
Opcode ID: 28ac7256f7b199d0ef088673122413a8a67ca82851bdf989b0d133aac832680f
Instruction ID: 3fd9b28b23c95eef22ea490a8170deaba78831f3d0adcd5e04df58092d1f47cb
Opcode Fuzzy Hash: 28ac7256f7b199d0ef088673122413a8a67ca82851bdf989b0d133aac832680f
Instruction Fuzzy Hash: 85216D315103555FE7211F68BC44B667B99DF46374F0C20AAF8899B323E7619D06C7B0

Function 00DBAB10 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 88COMMON

Download Yara Rule

APIs

___from_strstr_to_strchr.LIBCMT ref: 00DBAB82

Strings

Connecting to hostname: %s%s%s, xrefs: 00DBABA6
Connecting to port: %d, xrefs: 00DBABD6

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: ___from_strstr_to_strchr
String ID: Connecting to hostname: %s%s%s$Connecting to port: %d
API String ID: 601868998-2189567200
Opcode ID: 9f96fbe5754080042400d23461f7b2953839cdc9f86462911b89a46888589740
Instruction ID: 01f99be65e0a0ada767a5798bbdf926f14103d3f2db97a054276cf76394b73c0
Opcode Fuzzy Hash: 9f96fbe5754080042400d23461f7b2953839cdc9f86462911b89a46888589740
Instruction Fuzzy Hash: F3310675A00254EFDB108F5D8C41BDA7FA9EF96750F0802B6FC15AB282E3B09D4087B2

Function 00D81200 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 86COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 00D812A8
std::_Xinvalid_argument.LIBCPMT ref: 00D812B2

Strings

string too long, xrefs: 00D812A3, 00D812AD

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: Xinvalid_argumentstd::_
String ID: string too long
API String ID: 909987262-2556327735
Opcode ID: 6cd146da46b0f66f45f0ef72b34b99f52ecc1f07a6f9058e160bea9c0ce868e3
Instruction ID: 052f9440917a991de64d1c9b268b29c4832f81c19192e24d1bf61e3807ae31c9
Opcode Fuzzy Hash: 6cd146da46b0f66f45f0ef72b34b99f52ecc1f07a6f9058e160bea9c0ce868e3
Instruction Fuzzy Hash: 7011D3363043149B9B24BF5DF842A7AF3EDFFA5721310092FE156C7660DB61A80987B9

Function 00E03C40 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 86COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 00E03C9F
std::_Xinvalid_argument.LIBCPMT ref: 00E03CB1

Strings

string too long, xrefs: 00E03C9A, 00E03CAC

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: Xinvalid_argumentstd::_
String ID: string too long
API String ID: 909987262-2556327735
Opcode ID: fb2ae4499045391c054e6eff89b5bb1061de96e0f877b3f10bd74417c7bf4426
Instruction ID: 25564b141777b81ecc019d002e466a9fe331876049792bcf302c6dcd9f48df92
Opcode Fuzzy Hash: fb2ae4499045391c054e6eff89b5bb1061de96e0f877b3f10bd74417c7bf4426
Instruction Fuzzy Hash: 5731E230608780DFC721CF28C881B56F7F8EB01714F101A5EE492AB781C7B0AA44C7B1

Function 00D7A490 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 85COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 00D7A525
std::_Xinvalid_argument.LIBCPMT ref: 00D7A52F

Strings

string too long, xrefs: 00D7A520, 00D7A52A

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: Xinvalid_argumentstd::_
String ID: string too long
API String ID: 909987262-2556327735
Opcode ID: 0fa31f2ca3fe8497505f97cd3c0d4a811d5fddb03ac6a66dc180c790c3c26b79
Instruction ID: c7fd7145dded504989ae103a6bb9f9e091e28ee5b9631ab532fee6d2a732de6a
Opcode Fuzzy Hash: 0fa31f2ca3fe8497505f97cd3c0d4a811d5fddb03ac6a66dc180c790c3c26b79
Instruction Fuzzy Hash: 3F11B6323007148FD731AE5DE840A6EF7E8EBE1761F14492FE65987651E7A29C0487B2

Function 00E4F0F0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 82COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 00E4F14A
std::_Xinvalid_argument.LIBCPMT ref: 00E4F1AA

Part of subcall function 00DE2308: std::invalid_argument::invalid_argument.LIBCONCRT ref: 00DE2314
Part of subcall function 00DE2308: __CxxThrowException@8.LIBVCRUNTIME ref: 00DE2322

Strings

vector<T> too long, xrefs: 00E4F145, 00E4F1A5

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: Xinvalid_argumentstd::_$Exception@8Throwstd::invalid_argument::invalid_argument
String ID: vector<T> too long
API String ID: 1284171080-3788999226
Opcode ID: 0076ae97b96a8c10d432a4266d6ef69ba842cd40e000b5318e37df6654c7385b
Instruction ID: 38a03db28a90a5f92251a4e4d9d84563e0eff3ffe3329c19cfcf8183e01584c2
Opcode Fuzzy Hash: 0076ae97b96a8c10d432a4266d6ef69ba842cd40e000b5318e37df6654c7385b
Instruction Fuzzy Hash: 881196763016115B871C9D7EEC9586BB6D7ABD876132CCF3EF486E3788C4B0E4414554

Function 00DC7E10 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 76COMMON

Download Yara Rule

APIs

___from_strstr_to_strchr.LIBCMT ref: 00DC7E3F

Strings

., xrefs: 00DC7E80
0123456789, xrefs: 00DC7E37, 00DC7E55

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: ___from_strstr_to_strchr
String ID: .$0123456789
API String ID: 601868998-4187921772
Opcode ID: b4d62bcd912296701ed07d607ad75b6b11cc23729f0ea3e6c0fcbb50fa160fc7
Instruction ID: 06a8d8613ce5a79ad13a55b9f9d4e87af6f16900dd3bac9e870783698b58cc60
Opcode Fuzzy Hash: b4d62bcd912296701ed07d607ad75b6b11cc23729f0ea3e6c0fcbb50fa160fc7
Instruction Fuzzy Hash: 8621C3379081175ADB359A38C490FBABFACDB46361F1900EEEC598B240D632DD458BB1

Function 00DA9FA0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 67COMMON

Download Yara Rule

APIs

__CxxThrowException@8.LIBVCRUNTIME ref: 00DA9FC1

Part of subcall function 00E61273: KiUserExceptionDispatcher.NTDLL(?,?,?,00DFBF47,?,?,?,?,?,?,?,?,00DFBF47,?,00ED0200), ref: 00E612D2

new.LIBCMT ref: 00DA9FF8

Strings

4, xrefs: 00DA9FBC, 00DA9FC0

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: DispatcherExceptionException@8ThrowUser
String ID: 4
API String ID: 2513928553-804131889
Opcode ID: f9b45fed7240930d1d178b2798438b811b1068547230227730162a109cb3f5a2
Instruction ID: 8580fc67ac4965011abbd3f929d4fb5c28882f9bc31655d1a01b537cfab2de5d
Opcode Fuzzy Hash: f9b45fed7240930d1d178b2798438b811b1068547230227730162a109cb3f5a2
Instruction Fuzzy Hash: 1011A372944208AFDB14DB98DC42BADB3ECEB04710F04466EF915D7780EBB5A904C7A5

Function 00DFE770 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 65COMMON

Download Yara Rule

APIs

GetFileAttributesExW.KERNEL32(?,00000000,00000000,00000000,?,?,?,?,00E142D9,?,00000000,2C690420), ref: 00DFE79C
GetLastError.KERNEL32(?,?,?,00E142D9,?,00000000,2C690420), ref: 00DFE7A6

Strings

boost::filesystem::file_size, xrefs: 00DFE7B0, 00DFE7E6

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: AttributesErrorFileLast
String ID: boost::filesystem::file_size
API String ID: 1799206407-1937220381
Opcode ID: 4f3e4b88089c4d2f853d1a64d055d4a6b1011ee90b257ef938f5779ba8b93c52
Instruction ID: 33699d657e4e5f6b343236bcde8b875eacd7dc53d305812f53631790a3e446be
Opcode Fuzzy Hash: 4f3e4b88089c4d2f853d1a64d055d4a6b1011ee90b257ef938f5779ba8b93c52
Instruction Fuzzy Hash: AA113A71610304ABCA00AB39DC46F7F77E5EF89724F858E08F685E72E1E234E8408672

Function 00DCA120 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 63COMMON

Download Yara Rule

APIs

___swprintf_l.LIBCMT ref: 00DCA159
SetLastError.KERNEL32(0000001C,?,?,?,?,?,?,?), ref: 00DCA1A2

Strings

%d.%d.%d.%d, xrefs: 00DCA14E

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: ErrorLast___swprintf_l
String ID: %d.%d.%d.%d
API String ID: 2990598187-3491811756
Opcode ID: 33315c84b985a89e545ab7779c6c724f97f69d505f2d3e38d9b7720fa23e42fe
Instruction ID: effb7620a98d51fd5646a6b9adfa3065ab37f82f8f2632b06b2ca20ca3f574b5
Opcode Fuzzy Hash: 33315c84b985a89e545ab7779c6c724f97f69d505f2d3e38d9b7720fa23e42fe
Instruction Fuzzy Hash: D61129756042895FCF04CF6CD850BBABBB8CF4A204F1941DDE845DB282D9279A0AC771

Function 00E22BE0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 56COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 00E22C38

Part of subcall function 00DE2308: std::invalid_argument::invalid_argument.LIBCONCRT ref: 00DE2314
Part of subcall function 00DE2308: __CxxThrowException@8.LIBVCRUNTIME ref: 00DE2322

Strings

vector<T> too long, xrefs: 00E22C33
h@t, xrefs: 00E22BF6

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: Exception@8ThrowXinvalid_argumentstd::_std::invalid_argument::invalid_argument
String ID: h@t$vector<T> too long
API String ID: 1419379543-1867900405
Opcode ID: c23b541d35f678854990df4b07cf9090b660f6650c4588ba3cb0933910e373ef
Instruction ID: e9f1966b8d03dfb1ccfe1824872c6545a35fe61b884cf17ccde703b984893165
Opcode Fuzzy Hash: c23b541d35f678854990df4b07cf9090b660f6650c4588ba3cb0933910e373ef
Instruction Fuzzy Hash: 28113D71904718ABC720DF59D941B9ABBF8FB48720F108A2EF859A3680D775A504CBA0

Function 00DBE1F0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 48COMMON

Download Yara Rule

APIs

getsockopt.WS2_32(00004020,0000FFFF,00001001,00000000,00000004), ref: 00DBE25B
setsockopt.WS2_32(00004020,0000FFFF,00001001,00004020,00000004), ref: 00DBE280

Strings

@, xrefs: 00DBE1FB

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: getsockoptsetsockopt
String ID: @
API String ID: 194641219-2726393805
Opcode ID: d16ed5dbbaee8b326abb849ee457f4dfb23b9f275a1bccfb8546b584e61e51a3
Instruction ID: 4528ed66550aa186f00ac94229282cb160e66e2b27787ab2771f15397335c146
Opcode Fuzzy Hash: d16ed5dbbaee8b326abb849ee457f4dfb23b9f275a1bccfb8546b584e61e51a3
Instruction Fuzzy Hash: A8014070940209EEEB20DF81DD46BED777DEF01704F540195FA05AB2D1D7B19A489B54

Function 00DA0F40 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 47COMMON

Download Yara Rule

APIs

___std_exception_destroy.LIBVCRUNTIME ref: 00DA0FCB

Strings

(, xrefs: 00DA0F6E
0, xrefs: 00DA0F78

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: ___std_exception_destroy
String ID: ($0
API String ID: 4194217158-3933029163
Opcode ID: b16a4a0a218748b14c83e9b3ad5dec9e77d273993372d0d60514f3b96a9b1363
Instruction ID: 14ab1029603eaf2a00ba1c267ead8ab0349d0340acf11e574b50052723571b07
Opcode Fuzzy Hash: b16a4a0a218748b14c83e9b3ad5dec9e77d273993372d0d60514f3b96a9b1363
Instruction Fuzzy Hash: 0A11F5B4500B449FCB20CF58C445B56BBE8FB4A718F009A5DE89AABB51E7B5F904CF50

Function 00E23630 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 37COMMON

Download Yara Rule

APIs

Part of subcall function 00E22700: new.LIBCMT ref: 00E2272E

Part of subcall function 00DFB0AE: __onexit.LIBCMT ref: 00DFB0B4

__Init_thread_footer.LIBCMT ref: 00E236A4

Strings

4, xrefs: 00E23649, 00E236B1
h@t, xrefs: 00E23684, 00E236AC

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: Init_thread_footer__onexit
String ID: h@t$4
API String ID: 1881088180-838861202
Opcode ID: 5b54de357968b8a06b3e5e1b69a5b408e2256041874618a25cedf492cadef469
Instruction ID: 83078ac606737de28f46241ad745e44e5ff621deb19f5e6c6b6528d71ec9f533
Opcode Fuzzy Hash: 5b54de357968b8a06b3e5e1b69a5b408e2256041874618a25cedf492cadef469
Instruction Fuzzy Hash: 6D01A271A4468CEFCF10DB59E882F9873E4E749720F104269FA15BB7E2CB7569048A21

Function 00E8389D Relevance: 5.1, APIs: 4, Instructions: 139COMMONLIBRARYCODE

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(?,00000009,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 00E83933
GetLastError.KERNEL32(?,00000000), ref: 00E83941
MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,?,00000000,?,00000000), ref: 00E8399C

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: ByteCharMultiWide$ErrorLast
String ID:
API String ID: 1717984340-0
Opcode ID: ea2839eb2688d92e953a424ee3493aaef75142b91f60ccf94d92068321eb9ec2
Instruction ID: d482e45e9fac097ee7d22c0109bb82fb680105036ea14917a36d228c524a55a5
Opcode Fuzzy Hash: ea2839eb2688d92e953a424ee3493aaef75142b91f60ccf94d92068321eb9ec2
Instruction Fuzzy Hash: 08412730604246AFCB21AF75C844BAA7BB8EF81B24F145258F85DB7199DBB08E01CB60

Function 00DF9180 Relevance: 5.1, APIs: 4, Instructions: 103memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,74DEDF60), ref: 00DF9255
HeapFree.KERNEL32(00000000), ref: 00DF9262
GetProcessHeap.KERNEL32(00000000,00E948B4,?,00000000,?,?,?,?,?,?,?,?,00000000,00E948B4,000000FF), ref: 00DF9295
HeapFree.KERNEL32(00000000,?,00000000,?,?,?,?,?,?,?,?,00000000,00E948B4,000000FF), ref: 00DF929C

Part of subcall function 00DF9610: GetProcessHeap.KERNEL32(00000000,00E94706,?,?,00E94706,000000FF), ref: 00DF9672
Part of subcall function 00DF9610: HeapFree.KERNEL32(00000000,?,?,00E94706,000000FF), ref: 00DF9679

Part of subcall function 00DF8E70: TlsGetValue.KERNEL32(FFFFFFFF,2C690420,74DEDF60,00E948B4), ref: 00DF8EDD
Part of subcall function 00DF8E70: CreateWaitableTimerA.KERNEL32(00000000,00000000,00000000), ref: 00DF8F3E
Part of subcall function 00DF8E70: GetModuleHandleA.KERNEL32(KERNEL32.DLL,SetWaitableTimerEx), ref: 00DF8F88
Part of subcall function 00DF8E70: GetProcAddress.KERNEL32(00000000), ref: 00DF8F8F

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: Heap$FreeProcess$AddressCreateHandleModuleProcTimerValueWaitable
String ID:
API String ID: 79733456-0
Opcode ID: 2b6fd5d8b5f95f33053715ea3d2606d77b25b82e3151f848d7b02b1c7e4fa780
Instruction ID: 3c4a3037d40c58847f2d6d55372b549638a4ada1545a2b04a4bf5ea04df1ad81
Opcode Fuzzy Hash: 2b6fd5d8b5f95f33053715ea3d2606d77b25b82e3151f848d7b02b1c7e4fa780
Instruction Fuzzy Hash: 7631B031D04648ABCB10DFA9C945BAEF7B8EF59720F15831AF925A72D0DB706944CBA0

Function 00DF92C0 Relevance: 5.1, APIs: 4, Instructions: 67memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00D73F3F,?,00000008,00000000,00E9A35C,000000FF,?,00D73F3F,2C690420), ref: 00DF9319
HeapFree.KERNEL32(00000000,?,00000008,00000000,00E9A35C,000000FF,?,00D73F3F,2C690420), ref: 00DF9320
GetProcessHeap.KERNEL32(00000000,00D73F3F,?,00000008,00000000,00E9A35C,000000FF,?,00D73F3F,2C690420), ref: 00DF9358
HeapFree.KERNEL32(00000000,?,00000008,00000000,00E9A35C,000000FF,?,00D73F3F,2C690420), ref: 00DF935F

Memory Dump Source

Source File: 00000007.00000002.2137113811.0000000000D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000007.00000002.2137090971.0000000000D70000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137228746.0000000000EA0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137279007.0000000000EE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137302809.0000000000EE2000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137329416.0000000000EE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137355706.0000000000EEA000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2137390273.0000000000EEC000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d70000_installer.jbxd

Similarity

API ID: Heap$FreeProcess
String ID:
API String ID: 3859560861-0
Opcode ID: 2cd0a99ef2228c49538d32c2152c6b6d13b9c277d887c04de14ebd5e01cc6f42
Instruction ID: 20ca536e0a69f1d07c6e293b516dcebb5c7941220d3a59903b615b764c899b76
Opcode Fuzzy Hash: 2cd0a99ef2228c49538d32c2152c6b6d13b9c277d887c04de14ebd5e01cc6f42
Instruction Fuzzy Hash: BB11A531D057149FCB10CFA4D804BAEBBA8FF09B20F054659E919972C0DB756804CB90

Analysis Process: GenericSetup.exePID: 6368, Parent PID: 1228COMMON

Execution Graph

Execution Coverage:	18.2%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	6
Total number of Limit Nodes:	0

Executed Functions

Function 00007FFD9B886DC8 Relevance: 1.6, APIs: 1, Instructions: 129
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

EnumWindows.USER32 ref: 00007FFD9B886E81

Memory Dump Source

Source File: 00000008.00000002.2135253114.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ffd9b880000_GenericSetup.jbxd

Similarity

API ID: EnumWindows
String ID:
API String ID: 1129996299-0
Opcode ID: 344ae35666395ebb7244ca018a2c53dd247414329bd5f7eab2c501930b4ba560
Instruction ID: 7042093acb65f6d53e522d4492b20f6546e11a5428a81bd443720202e961387b
Opcode Fuzzy Hash: 344ae35666395ebb7244ca018a2c53dd247414329bd5f7eab2c501930b4ba560
Instruction Fuzzy Hash: B7310570A0DA5C8FEB59DF68C8566FD7BE0EF59321F00016FD459C3296CA74A805CB91

Function 00007FFD9B887EA9 Relevance: 1.6, APIs: 1, Instructions: 108
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

IsDlgButtonChecked.USER32 ref: 00007FFD9B887F47

Memory Dump Source

Source File: 00000008.00000002.2135253114.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ffd9b880000_GenericSetup.jbxd

Similarity

API ID: ButtonChecked
String ID:
API String ID: 1719414920-0
Opcode ID: 4b6bf10c4e0bf4e4ca4b584db14526c9e35883b4fd4ec8e0ad1b7486c185a9be
Instruction ID: 6c452c7816add27a677b7f5ad142f3f7275735ebbc46cb5796f5745b99caea93
Opcode Fuzzy Hash: 4b6bf10c4e0bf4e4ca4b584db14526c9e35883b4fd4ec8e0ad1b7486c185a9be
Instruction Fuzzy Hash: FF31C43191DA4C8FDB1CDB58D846AF97BF0EB5A321F00426FD059D3192DA616846CB81

Analysis Process: BurnAware.exePID: 1244, Parent PID: 7044COMMON

Executed Functions

Function 00488CDC Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2947020715.0000000000488000.00000020.00000001.01000000.00000013.sdmp, Offset: 00488000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_488000_BurnAware.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f2546d573c87b10955ac251ad0e572c7a747b40650f18f79c476ccdd8d38683e
Instruction ID: 4e4ac5f14a939beecb4426a66e010880d0396e3eb57adda601493f2cec4e66b0
Opcode Fuzzy Hash: f2546d573c87b10955ac251ad0e572c7a747b40650f18f79c476ccdd8d38683e
Instruction Fuzzy Hash: B3118235200240AFC701FF69DC81D5A37E9EB4A31479108BAF900CB292D675ED11CB68

Function 00488A46 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2947020715.0000000000488000.00000020.00000001.01000000.00000013.sdmp, Offset: 00488000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_488000_BurnAware.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8da47cf3349392410e6e12ccb560155305c0b7d5cf600b23dbbe3730b3377087
Instruction ID: f017cafe708a00f91df5adcd9e92cc038a54f3527a5ebf51ad89cfa38282c4d1
Opcode Fuzzy Hash: 8da47cf3349392410e6e12ccb560155305c0b7d5cf600b23dbbe3730b3377087
Instruction Fuzzy Hash: 1101BC717042059FC304FB7A8C8599E77D9AF88304B8089BEB405CB293DE38D84AC759

Function 00488B9A Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2947020715.0000000000488000.00000020.00000001.01000000.00000013.sdmp, Offset: 00488000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_488000_BurnAware.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d97f98285468020c39955f93809d4dd73d98e579b58895893301d822eda459bd
Instruction ID: c24f7249ba5cc0aeacdeb5c6c9da5a82a1e09de8730df056c3214ea730bab89e
Opcode Fuzzy Hash: d97f98285468020c39955f93809d4dd73d98e579b58895893301d822eda459bd
Instruction Fuzzy Hash: 0BE08672301D205B8A64B67E9941C6F62D86FC8B003845D2FF446D7740DA38FC40879D

Function 00488A4C Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2947020715.0000000000488000.00000020.00000001.01000000.00000013.sdmp, Offset: 00488000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_488000_BurnAware.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e851becbddab889479e3962659f540cf1b198496a29d891a5c6b1c61bc295692
Instruction ID: 7e77913ec2ff17cb1874c5ccf54b4836721cf0d8ae619143f76ce850856ba237
Opcode Fuzzy Hash: e851becbddab889479e3962659f540cf1b198496a29d891a5c6b1c61bc295692
Instruction Fuzzy Hash: 43A002244011048FDE24B691C00576E25907B50359FC12DDFD101153965F7D4488A72A

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report SecuriteInfo.com.Program.Unwanted.2818.3154.4230.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Dropped Files

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Phishing

Compliance

Spreading

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Program Files (x86)\BurnAware Free\AudioCD.exe (copy)

C:\Program Files (x86)\BurnAware Free\BurnAware.exe (copy)

C:\Program Files (x86)\BurnAware Free\BurnImage.exe (copy)

C:\Program Files (x86)\BurnAware Free\CopyImage.exe (copy)

C:\Program Files (x86)\BurnAware Free\DataDisc.exe (copy)

C:\Program Files (x86)\BurnAware Free\DiscInfo.exe (copy)

C:\Program Files (x86)\BurnAware Free\Dos622.img (copy)

C:\Program Files (x86)\BurnAware Free\EraseDisc.exe (copy)

C:\Program Files (x86)\BurnAware Free\MakeISO.exe (copy)

C:\Program Files (x86)\BurnAware Free\MediaDisc.exe (copy)

C:\Program Files (x86)\BurnAware Free\SpanDisc.exe (copy)

C:\Program Files (x86)\BurnAware Free\UnpackISO.exe (copy)

C:\Program Files (x86)\BurnAware Free\VerifyDisc.exe (copy)

C:\Program Files (x86)\BurnAware Free\badecx.dll (copy)

C:\Program Files (x86)\BurnAware Free\bamainlib.dll (copy)

Windows Analysis Report
SecuriteInfo.com.Program.Unwanted.2818.3154.4230.exe

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre